Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 27001

AnandR

#1
Good Morning,

I am a team member in my company performing Risk Assessment, Business Continuity Planning, Testing BCP, etc. as part of ISO 27001. We have employed quite a few consultants to seek their guidance to guide us in completing the activities mentioned. But each one directs us in different directions and we have spent a considerable amount of time and money with no deliverables.

Requesting help on what to do.

Thanks
Anand
 
Richard Regalado

Trusted Information Resource
#2
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Hey AnandR! How are you man?!

Can you put more context into your question?

Where are you with the risk management process? What have you done so far? ISO/IEC 27001 provides certain tasks which must be completed -

- asset identification
- asset valuation in terms of CIA
- threat and vulnerability determination
- determine impacts to these threats
- etc etc etc

Have you performed the above steps?

Do you have a copy of ISO/IEC 27005:2011 Information security risk management? (http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=56742)

Cheers!
 
AnandR

#3
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Hello Richard,
Thanks for your response. Yes, the asset identification with CIA and possible threats and vulnerabilities are completed. We now need to define Risk Criteria, etc. and then come up with BCP and perform a couple of BCP tests.
Thanks
Anand
 

Richard Regalado

Trusted Information Resource
#4
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

By risk criteria are you referring to the levels of acceptable risks? If so, go and ask your management for this. They are the ones responsible for defining the amount of risk that your organization can tolerate.

Do you need a BCP?

Regards!
 
AnandR

#5
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Yes Richard. If I can get a sample document for BCP it would be great. Thanks
 

Richard Regalado

Trusted Information Resource
#6
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Why do you need a BCP for your organization AnandR?

  • Is it because of the risk assessment process?
  • Is it because your consultants told you to have it?
  • Is it because you just want to have one?
 
AnandR

#7
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Hello Richard,
It is because of SLA where we need to provide continued service.
Thanks
Anand
 

Richard Regalado

Trusted Information Resource
#8
AnandR

#9
Re: Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 2

Thanks a lot Richard
 