So if everything is not working as it should, the situation can become very embarrassing. Therefore, it is very important to know the whole certification process: what the auditors will be looking for, and what their powers are. Having such knowledge increases your confidence and makes the whole project less stressful.
Implementation of ISO reduces risks related to confidentiality, availability, and integrity of information in an organization. It also helps the organization to achieve conformity with legislation regulating protection of confidential information, protection of information systems, personal data protection, etc.
Finally, implementation of the standard should reduce business costs due to fewer incidents, and improve marketing because of the publicity that can be gained with the standard.
ISO specifies controls that can be used to reduce security risks, and ISO provides details on how to implement these controls. This was a British standard with the full name BS , which defined business continuity management systems. This standard was later replaced by ISO . ISO defines information security management, which also includes business continuity management. Further, ISO and ISO contain elements that are almost identical (documentation management, internal audits, management review, corrective and preventive actions), so these standards are fully compatible.
Yes — in that case, the emphasis will be on how to ensure availability of information and business processes in the case of disaster, etc. This really depends on a large number of factors, but generally, smaller organizations may need 3 to 6 months, organizations with up to people will need 8 to 12 months, and larger organizations 12 months or more.
Use this Implementation Duration Calculator to calculate the duration more precisely. For small organizations that do business at a smaller number of locations, it is better to implement the standard for the whole organization. It is true that ISO requires some mandatory documents, but their number depends on the size and complexity of the organization — a small organization with no great security requirements will need only a dozen documents; a large bank may require several hundred documents.
It means that if you already have documentation for ISO , you can use those same procedures for BS with only minor adjustments. What are the differences? The main difference is the level of detail. ISO covers a much wider area, and is therefore not very precise when it comes to BC; on the other hand, BS describes in detail how to perform business impact analysis, how to define business continuity strategy, what the contents of BC plans should be, etc.
To conclude: the point here is that you can think of business continuity as part of information security.