> For the complete documentation index, see [llms.txt](https://calvin-lai.gitbook.io/calvin-lai-security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://calvin-lai.gitbook.io/calvin-lai-security/iso-27001/q-and-a.md).

# Q\&A

{% content-ref url="/pages/GWSDjvHfuf2k0R3TUGSm" %}
[Can internal audit to replace the risk assessment](/calvin-lai-security/iso-27001/q-and-a/can-internal-audit-to-replace-the-risk-assessment.md)
{% endcontent-ref %}

{% content-ref url="/pages/WsbpYw0GKoukQfzFkMKH" %}
[Is it sufficient for only the IT department head to support the ISO 27001 program](/calvin-lai-security/iso-27001/q-and-a/is-it-sufficient-for-only-the-it-department-head-to-support-the-iso-27001-program.md)
{% endcontent-ref %}

{% content-ref url="/pages/VmD1gJ1TM2ohIBNiP3uj" %}
[Does the Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are the same?](/calvin-lai-security/iso-27001/q-and-a/does-the-business-continuity-plan-bcp-and-a-disaster-recovery-plan-drp-are-the-same.md)
{% endcontent-ref %}
