# Q\&A

{% content-ref url="q-and-a/can-internal-audit-to-replace-the-risk-assessment" %}
[can-internal-audit-to-replace-the-risk-assessment](https://calvin-lai.gitbook.io/calvin-lai-security/iso-27001/q-and-a/can-internal-audit-to-replace-the-risk-assessment)
{% endcontent-ref %}

{% content-ref url="q-and-a/is-it-sufficient-for-only-the-it-department-head-to-support-the-iso-27001-program" %}
[is-it-sufficient-for-only-the-it-department-head-to-support-the-iso-27001-program](https://calvin-lai.gitbook.io/calvin-lai-security/iso-27001/q-and-a/is-it-sufficient-for-only-the-it-department-head-to-support-the-iso-27001-program)
{% endcontent-ref %}

{% content-ref url="q-and-a/does-the-business-continuity-plan-bcp-and-a-disaster-recovery-plan-drp-are-the-same" %}
[does-the-business-continuity-plan-bcp-and-a-disaster-recovery-plan-drp-are-the-same](https://calvin-lai.gitbook.io/calvin-lai-security/iso-27001/q-and-a/does-the-business-continuity-plan-bcp-and-a-disaster-recovery-plan-drp-are-the-same)
{% endcontent-ref %}