<< Prev Question Next Question >>
Question 15/38
Scenario:
Initar, an IT security service company in New Jersey, provides 24/7 cloud and IT infrastructure support to mid-sized companies. Recognizing the need for a robust business continuity strategy, Initar transitioned from informal business continuity planning to implementing a BCMS based on ISO 22301.
During the BCMS implementation, a major nonconformity was identified: the BIA report lacked a defined Maximum Tolerable Period of Disruption (MTPD), which is required by ISO 22301. The corrective action process began with the IT team conducting a root cause analysis using a cause-and-effect diagram. Based on the analysis, an action plan was drafted to update all BIAs and establish the MTPD. The plan was approved by the head of the IT department, who monitored its implementation, while the internal auditor reviewed the effectiveness of the corrective action.
Is the action plan for treating the nonconformity valid?
Initar, an IT security service company in New Jersey, provides 24/7 cloud and IT infrastructure support to mid-sized companies. Recognizing the need for a robust business continuity strategy, Initar transitioned from informal business continuity planning to implementing a BCMS based on ISO 22301.
During the BCMS implementation, a major nonconformity was identified: the BIA report lacked a defined Maximum Tolerable Period of Disruption (MTPD), which is required by ISO 22301. The corrective action process began with the IT team conducting a root cause analysis using a cause-and-effect diagram. Based on the analysis, an action plan was drafted to update all BIAs and establish the MTPD. The plan was approved by the head of the IT department, who monitored its implementation, while the internal auditor reviewed the effectiveness of the corrective action.
Is the action plan for treating the nonconformity valid?
