JuneFoo

Starting to get Involved
#1
Any one can share Business Impact Analysis SOP, which required to meet ISO 22301:2012 clause 8.2 Business Impact Analysis and risk assessment requirement? Does maintain a formal documented process mean we need to have SOP? Thanks in advance!
 

dsheaffe

Involved In Discussions
#2
Sorry can't help with supplying a document. But if the standard is asking for a "formal documented process" - then you would need to have something documented regardless of what you call it - and how detailed it is (eg, it might be just a section within a document on business continuity)

If you are already doing BIA, then could you just document that, or are you needing clarification/confirmation on how you should be doing a BIA.

Sorry couldn't be more help
 

Richard Regalado

Quite Involved in Discussions
#3
Any one can share Business Impact Analysis SOP, which required to meet ISO 22301:2012 clause 8.2 Business Impact Analysis and risk assessment requirement? Does maintain a formal documented process mean we need to have SOP? Thanks in advance!
Hello JuneFoo. Sorry for the late reply.

Every organization's procedure for conducting a business impact analysis and risk assessment is unique to that organization owing to different factors - the industry they are in; their culture; the technology they are using; contractual and legal requirements; location; competency of their people; and many other things. I suggest that you observe or study how you make your own analysis, and document your process.

If I share with you an SOP, it would not be that beneficial to you, or your organization. Unless, you have not done a BIA yet.

Let me know if you need further help.
 

Top