A Business Continuity Management System (BCMS) is intended to help an organisation constantly improve its business continuity performance, satisfy legal and other responsibilities, and achieve its business continuity objectives. One of four critical assurance processes in a well-managed BCMS is an internal audit program. You will benefit from the course by learning and developing the skills needed to conduct audits with a variety of goals, such as analysing an organisation’s ability to achieve its anticipated results. This course teaches you how to analyse and report on the efficacy and execution of ISO 22301:2019-compliant procedures. Using a case study, you will learn how to start an audit, plan and conduct audit activities, compile and disseminate audit reports, and do follow-up activities.
Who Should Attend?
Anyone involved in auditing, maintaining, or supervising an ISO 22301:2019 BCMS
By the end of the course, the learner will be able to:
• Understand ISO 19011 management system auditing requirements.
• Describe the aim of a BCMS, including the concepts, procedures, and techniques utilized for management and assessment of a BCM system.
• Describe the objective and scope of ISO 22301.
• Interpret ISO 22301 requirements in the context of a BCMS audit
• Describe the responsibilities of an internal auditor and describe the role of internal audit in the maintenance and improvement of BCSM, in accordance with ISO 22301 and ISO 9001
• The application of these guidelines to auditing a BCMS intended to conform to ISO 22301:2019
• Plan and prepare for an internal audit, gather audit evidence through observation, interview and sampling of documents and records
• Initiate, Prepare and Conduct audit activities
• Prepare and distribute the audit report
• Complete the audit
• Follow-up corrective actions and ‘close-out’
1. The publication of new ISO 22301 standard
2. PDCA Approach
3. Context of organization
4. Leadership role
5. Business Continuity Management System (BCMS)
6. Maximum Acceptable Outage (MAO)
7. Recovery Time Objective (RTO)
8. Security and resilience
9. Recovery Point Objective (RPO)
10. Minimum Business Continuity Objective (MBCO)
11. Business impact analysis and risk assessment
12. Business continuity strategies and solutions
13. Business continuity plans and procedures
14. Exercise program
15. Assessment of business continuity documentation and capabilities
• Understand the general internal auditing requirements of management system standards with which you will be required to comply. This will contain the meanings and intentions of certification criteria, as well as the procedures, procedures, or instruments connected with them.
• Prepare, conduct and follow-up on ISO 22301:2019 audit activities
• Identify and apply the requirements of an ISO 22301:2019 audit
• Write factual audit reports and suggest corrective actions
• Certificate of competence.
• Certificate of attendance.
• There will be an assessment at the end of the course.
• Delegates have to complete the assessment with a minimum score of 60% to receive a certificate of competence.
• Delegates who score between 40% and 59% will get a second attempt at the assessment.
• Delegates who score lower than 40% or fail the second attempt, will need to repurchase the course.
• Delegates will receive an attendance certificate regardless of a pass or fail.
- Understand the general internal auditing requirements of management system standards with which you will be required to comply. This will contain the meanings and intentions of certification criteria, as well as the procedures, procedures, or instruments connected with them.
- Prepare, conduct and follow-up on ISO 22301:2019 audit activities
- Identify and apply the requirements of an ISO 22301:2019 audit
- Write factual audit reports and suggest corrective actions