Show me desktop version
CALL US +1 (646) 759 9933

The ISO 27001 & ISO 22301 Blog

Using ISO 22301 business continuity practices to support mass public events

Managing public events with hundreds or thousands of people is a challenge, as disruptions of these events may result in huge material losses or even loss of life. We face the classic situation where disruptions may lead to unforeseeable consequences. As such, a business continuity approach based on ISO 22301 appears …

Read More ...

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

Read More ...

The blessing of continuous improvement in ISO 22301

As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be achieved if improvements are applied to different aspects of the BCM approach. What improvement area or areas may have high priority is mainly dictated by the actual situation of the …

Read More ...

Risk assessment vs. internal audit in ISO 27001 and ISO 22301

Quite often I see people searching for ISO 27001 or ISO 22301 checklists for performing the internal audit; however, they expect those checklists to help them with, e.g., which information does the organization have, who has access to it, how is it protected, how confidential is it, etc. The problem is – …

Read More ...

Roles and responsibilities of top management in ISO 27001 and ISO 22301

Did you know that, in most cases, failure to implement ISO 27001 or ISO 22301 was directly related to the fact that top management did not want to assume their responsibilities for information security / business continuity in their companies? OK, you probably knew that. But, what are these responsibilities, …

Read More ...

Why is management review important for ISO 27001 and ISO 22301?

Like some other clauses in ISO 27001 and ISO 22301, clause 9.3, which defines requirements for management review, is one of the most misunderstood and most underappreciated elements of these standards. In practice, this review is usually done only to satisfy the certification auditor, but by doing so a great …

Read More ...

Setting the business continuity objectives in ISO 22301

Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives exist? What are they used for? How are they set? Let’s see… Purpose of business …

Read More ...

The purpose of Business continuity policy according to ISO 22301

Why would you need a Policy once you have Business impact analysis, Business continuity strategy and Business continuity plan? This is probably a question many experienced business continuity/disaster recovery practitioners are asking themselves, so here’s why ISO 22301 (a leading business continuity management standard) says it’s mandatory. Main purpose The …

Read More ...

ISO 22301 vs. ISO 22313

I was quite skeptical when I started to read ISO 22313, the guidance standard on business continuity management, but I was proved to be wrong. It can be quite useful as a supplement to ISO 22301 – here’s what I found: Similarities and differences If you are familiar with ISO …

Read More ...

Dilemmas with ISO 27001 & BS 25999-2 internal auditors

If this is the first time you have come across the notion of internal auditor, you are probably puzzled – Why would I need another control? Who is going to pay for it? Who should I employ to do it? It is such a waste of time… Well, it doesn’t …

Read More ...
FREE ISO 27001/22301 CONSULTATION
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera

GET FREE ADVICE

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301
Wednesday - September 27, 2017
Show posts:

OUR PARTNERS

  • Exemplar Global (formerly RABQSA) is leading international
    authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited.
    Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of
    accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933