Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 27001

AnandR

Good Morning,

I am a team member in my company performing Risk Assessment, Business Continuity Planning, Testing BCP, etc. as part of ISO 27001. We have employed quite a few consultants to seek their guidance in completing the activities mentioned. But each one directs us in different directions, and we have spent a considerable amount of time and money with no deliverables.

Requesting help on what to do.

Thanks
Anand
 

Richard Regalado

Trusted Information Resource
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Hey AnandR! How are you man?!

Can you put more context into your question?

Where are you with the risk management process? What have you done so far? ISO/IEC 27001 provides certain tasks which must be completed -

- asset identification
- asset valuation in terms of CIA
- threat and vulnerability determination
- determine impacts to these threats
- etc etc etc

Have you performed the above steps?

Do you have a copy of ISO/IEC 27005:2011 Information security risk management? (http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=56742)

Cheers!
 
AnandR

Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Hello Richard,
Thanks for your response. Yes, the asset identification with CIA and possible threats and vulnerabilities are completed. We now need to define Risk Criteria, etc. and then come up with a BCP and perform a couple of BCP tests.
Thanks
Anand
 

Richard Regalado

Trusted Information Resource
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

By risk criteria are you referring to the levels of acceptable risks? If so, go and ask your management for this. They are the ones responsible for defining the amount of risk that your organization can tolerate.

Do you need a BCP?

Regards!
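As an added illustration of the two points Richard raises (the asset / CIA / threat / vulnerability steps from his first reply, and risk criteria being management's decision in this one), here is a small Python risk register. It is not from the thread, the ISO standard, or any consultant's deliverable; the 1..3 scales, the "impact x likelihood" scoring, the acceptance thresholds and the sample assets are all constructed for the example. ISO/IEC 27005 leaves the choice of scales to the organisation, and the thresholds in RISK_CRITERIA are exactly the "levels of acceptable risk" that management, not the ISMS team, has to sign off.

```python
"""Worked ISO 27001-style risk register (added example, not from the thread).

Constructed assumptions: 1..3 scales for CIA value and likelihood,
risk score = max(C, I, A) * likelihood, and acceptance thresholds that
stand in for criteria management would define for a real organisation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    confidentiality: int  # 1 (low) .. 3 (high)
    integrity: int
    availability: int

    @property
    def value(self) -> int:
        # Asset valuation in CIA terms: the highest rating drives the impact.
        return max(self.confidentiality, self.integrity, self.availability)


@dataclass(frozen=True)
class Scenario:
    """One threat exploiting one vulnerability against one asset."""
    asset: Asset
    threat: str
    vulnerability: str
    likelihood: int  # 1 (rare) .. 3 (likely)

    def risk_score(self) -> int:
        # Impact (asset value) x likelihood, giving a score in 1..9.
        return self.asset.value * self.likelihood


# Constructed acceptance criteria: the numbers management has to own.
RISK_CRITERIA = {
    "accept": 2,  # score <= 2: accept and record in the register
    "treat": 5,   # 3..5: plan treatment (controls) in the normal cycle
    # above 5: treat with priority and report to management
}


def decide(score: int, criteria: dict = RISK_CRITERIA) -> str:
    """Map a risk score onto the treatment decision the criteria prescribe."""
    if score <= criteria["accept"]:
        return "accept"
    if score <= criteria["treat"]:
        return "treat"
    return "treat-priority"


def assess(scenarios, criteria: dict = RISK_CRITERIA) -> list:
    """Score every scenario and return rows sorted highest risk first."""
    rows = []
    for s in scenarios:
        score = s.risk_score()
        rows.append({
            "asset": s.asset.name, "threat": s.threat,
            "vulnerability": s.vulnerability, "impact": s.asset.value,
            "likelihood": s.likelihood, "score": score,
            "decision": decide(score, criteria),
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def bcp_candidates(assets, min_availability: int = 3) -> list:
    """Assets whose availability rating justifies continuity planning.

    A BCP is driven by availability requirements (an SLA, as in the thread),
    not by having a risk register; this picks the assets that need one.
    """
    return [a.name for a in assets if a.availability >= min_availability]


# Constructed sample register (not real data).
SAMPLE_ASSETS = [
    Asset("Customer database", confidentiality=3, integrity=3, availability=2),
    Asset("Public website", confidentiality=1, integrity=2, availability=3),
    Asset("Marketing brochures", confidentiality=1, integrity=1, availability=1),
]

SAMPLE_SCENARIOS = [
    Scenario(SAMPLE_ASSETS[0], "unauthorised disclosure", "weak access control", 2),
    Scenario(SAMPLE_ASSETS[1], "denial of service", "single hosting provider", 1),
    Scenario(SAMPLE_ASSETS[2], "accidental deletion", "no backup", 2),
]


if __name__ == "__main__":
    for row in assess(SAMPLE_SCENARIOS):
        print(f"{row['score']:>2}  {row['decision']:<14} {row['asset']}: "
              f"{row['threat']} via {row['vulnerability']}")
    print("BCP candidates:", bcp_candidates(SAMPLE_ASSETS))
```

The useful part for a team in Anand's position is the split of responsibilities the code makes explicit: the ISMS team fills in the assets, scenarios and scales, but RISK_CRITERIA is an input it cannot invent for itself, and the BCP scope falls out of the availability ratings rather than the other way round.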
 
AnandR

Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Yes Richard. If I can get a sample document for BCP it would be great. Thanks
 

Richard Regalado

Trusted Information Resource
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Why do you need a BCP for your organization AnandR?

  • Is it because of the risk assessment process?
  • Is it because your consultants told you to have it?
  • Is it because you just want to have one?
 
AnandR

Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Hello Richard,
It is because of an SLA where we need to provide continued service.
Thanks
Anand
 

Richard Regalado

Trusted Information Resource
AnandR

Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Thanks a lot Richard
 