BCMS Compliance

Is business Continuity management means only IT disaster recovery?

No, IT disaster recovery means to recover the IT asset of the organization which is damaged by the disaster. When business continuity management deal with the recovery of the critical business processes and its look for to maintain the stakeholder value for the organization by maintaining the SLA.

Does ISO 22301 have to be implemented throughout the entire organization?

No, it is not mandatory to implement ISO 22301 for the entire organization. You can define the scope for the same. i.e for some particular project / department.

If my organization is not ISO 27001 certified, is my organization is eligible for ISO 22301 certification?

Yes, you can implement the ISO 22301 irrespective of implementation of ISO 27001. You have to consider the availability of the information in the case of disruptive incidents.

As BCM is already covered by ISO 27001, why we need to implement ISO 22301?

ISO 27001 is talking about business continuity management but there is no discussion about how to implement the BCM. ISO 22301 have implementation part of BCMS.

What is the requirement to get certified for ISO 22301?

You must have all the documents mentioned in the standards. At least one-time internal audit and one management review is preferable before going to certification for ISO 22301.

How much time will it take for implementation?

It depends on the nature, role, and size of the organization. Generally, a small organization will take 4 ? 6 month and large organization will take almost 1 year for implementation.