Any one can share Business Impact Analysis SOP, which required to meet ISO 22301:2012 clause 8.2 Business Impact Analysis and risk assessment requirement? Does maintain a formal documented process mean we need to have SOP? Thanks in advance!
Sorry can't help with supplying a document. But if the standard is asking for a "formal documented process" - then you would need to have something documented regardless of what you call it - and how detailed it is (eg, it might be just a section within a document on business continuity)
If you are already doing BIA, then could you just document that, or are you needing clarification/confirmation on how you should be doing a BIA.
Any one can share Business Impact Analysis SOP, which required to meet ISO 22301:2012 clause 8.2 Business Impact Analysis and risk assessment requirement? Does maintain a formal documented process mean we need to have SOP? Thanks in advance!
Every organization's procedure for conducting a business impact analysis and risk assessment is unique to that organization owing to different factors - the industry they are in; their culture; the technology they are using; contractual and legal requirements; location; competency of their people; and many other things. I suggest that you observe or study how you make your own analysis, and document your process.
If I share with you an SOP, it would not be that beneficial to you, or your organization. Unless, you have not done a BIA yet.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to the use of cookies.