| Clause |
Description of Clause |
Action to be Taken |
| 4.2.1 |
List of legal, regulatory and other requirements |
Lists everything you need to comply with |
| 4.3 |
The scope of the BCMS and explanation of exclusions |
Defines where your BCMS will be implemented. |
| 5.2 |
Business continuity policy |
Defines main responsibilities, and the intent of the management. |
| 6.2 |
Business continuity objectives |
Defines measurable objectives that are to be achieved with business continuity. |
| 7.2 |
Competencies of personnel |
Define knowledge and skills needed by staff with Business Continuity responsibilities |
| 8.4 |
Business continuity plans and procedures |
Includes plans and procedures for response, communication, recovery (including disaster recovery plans), restore and return activities. |
| 8.4.3.1 |
Documented communication with interested parties |
These could be emails, but also social communication from sources such as government agencies and others. |
| 8.4.3.1 |
Records of important information about the disruption, actions taken and decisions made |
Normally these records are done through minutes or by lling out checklists of performed activities. |
| 9.1.1 |
Data and results of monitoring and measurement |
Evaluation on whether BCMS meets the objectives |
| 9.2 |
Internal audit program/Results of internal audit |
The Internal Audit Report |
| 10.1 |
Nature of non-conformities and actions taken |
A description of non-conformities and their causes |
| 10.1 |
Results of corrective actions |
A description of what has been done to eliminate non-conformities via corrective actions |