BCMS Material

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

5. Conducting a Follow-Up Audit

ISO 17021, clause 9.1.12-13
 Based on the audit conclusions, the auditor may have to

conduct a follow-up audit before the organization is
recommended for certification
 Verification of action plans and corrective measures
related to the non-conformities identified in the audit
report

A major non-conformity should
usually involve a follow-up audit

103

6. Certification Decision

ISO 17021, clause 7.5.2 and 9.2.5.1

The certification body must make the certification
decision based on:

An evaluation of the results and conclusions of
the audit
Any other relevant information (for example,
public information, client comments on the audit
report)

The auditors having taken part in the audit
never take part in the certification decision

104

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 253

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Elements to Audit During
a Surveillance Audit

ISO 17021, clause 9.3.2

Change Internal Audit The surveillance audit aims to
Management ensure that the BCMS is still
implemented and is improving

Action Management Continual Complaints Use of
Plans Review Improvement and Trademarks

Suggestions

The audit is mainly focused on Control Effectiveness
continual improvement as on of and

the action plans follow-up Operations Metrics

105

Recertification Audit

ISO 17021, clause 9.4

 A recertification audit shall be planned and
conducted to evaluate the continued fulfillment of all
of the requirements every three years

 The recertification audit shall consider the
performance of the management system over the
period of certification, and include the review of
previous surveillance audit reports

 The duration of a recertification audit should be 2/3
of the time spent on the initial audit

106

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 254

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Use of Certification Bodies and ISO
Trademarks

ISO 17021, clause 8.4.1

 A certified organization is authorized to display
publically its certification and to use it for marketing
purposes

 The certification cannot be displayed directly on a
product or in a way that would lead to believe that
the product is certified

 The certification body will provide to the auditee a
logo that can be used for marketing

107

Questions?

108

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 255

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Certified ISO 22301
Lead Implementer Training
Section 32

Competence and evaluation of a Lead Implementer

a. Competencies of a Lead Implementer
b.&ertification scheme
c. Applying for certification
d. Continual improvement of competencies

109

Definitions of Competence Context

ISO 9000, clause 3.1.6

Competence Behavioral Knowledge- Knowledge
able
 Demonstrated ability skills
to implement Competent
knowledge and skills

Skills

110

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 256

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Behavioral Skills

Behavioral Skills

1. Integrity 5. Perceptive 10. Responsible
2. Open minded 6. Versatile 11. Open to improvement
7. Tenacious 12. Culturally sensitive
3. Diplomatic 8. Decisive
4. Observant 9. Self-reliant 13. Collaborative

111

ISO 22301 Certification Scheme

Requirements summary

Exam Professional Professional BCMS Audit BCMS Project
Credential Experiencele Experience Experience
ISO 22301
Foundation ISO 22301 ------------ ------------ ------------
Foundation ------------ ------------
ISO 22301 ------------ 200 hours ------------
Lead Auditor ISO 22301 300 hours ------------
Provisional Auditor 2 years (1 in ------------ ------------
ISO 22301 Business continuity) ------------ 200 hours
Lead Implementer ISO 22301 ------------ 300 hours
Auditor 5 years (2 in 500 hours 500 hours
LA ISO 22301 + Business continuity)
LI ISO 22301 ISO 22301
Lead Auditor ------------

ISO 22301 Provisional 2 years (1 in
Implementer Business continuity)

ISO 22301 5 years (2 in
Implementer Business continuity)

ISO 22301 10 years (6 in
Lead Implementer Business continuity)

ISO 22301
Master

112

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 257

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Certification Process

1. (xam 2. CPD certificate 3. Exam results 4. Applying for
certification

5. Evaluation of 6. Certification 7. Maintaining
your application certification

113

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 258

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Questions?

123

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 263

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 264

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 265

This page has been left blank Intentionally

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Exam Preparation Guide

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 267

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 268

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 269

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 270

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 271

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 272

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 273

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 274

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 275

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 276

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 277

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 278

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 279

This page has been left blank Intentionally

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Appendix A

Case Study

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 281

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 282

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 283

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 284

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 285

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 286

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 287

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 288

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 289

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 290

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 291

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 292

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 293

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 294

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 295

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 296

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Appendix B

Exercises

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 297

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 298

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 299

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 300

ISO 22301 Business Continuity Management | Lead Implementer | Participant Handbook

Copyright © 2013, ITpreneurs Nederland B.V. All rights reserved. 301