CQI-IRCA ISO 22301:2019 BCMS Lead Auditor

Course details

The ISO 22301:2019 Business Continuity Management Lead Auditor training and certification program aims to deliver knowledge about the key concepts of business continuity, clarify the benefits of a Business Continuity Management System (BCMS), and familiarize participants with the requirements of ISO 22301.

The concept of Business Continuity Management lies in how an organization reacts to a natural disaster or cyber-attack. This course covers all aspects of Business Continuity Management, including the policies and procedures developed, tested, and used when an incident occurs. The policy defines the program’s scope, key parties, and management structure.

Learning Outcomes

• Learn the importance and benefits of an ISO 22301:2019 BCMS
• Understand the key requirements, terms and definitions of ISO 22301:2019 and its structure
• Explain the role of an auditor to plan, conduct, report and follow up an audit in accordance with ISO 22301
• Conduct effective audits in any auditing situation
• Establish and plan the activities of an audit team

Course Content

Day 1 – Introduction to Business Continuity Management System

• Terms and definitions

• Management system structure (MSS) and process approach (PDCA)

• Understanding of organization, interested parties and their requirements

• Management system scoping

• Top management leadership, management system policy and objectives

• Support the management system

Day 2 – Business Continuity Risk Management

• Business risk management requirements and process (BIA, business impact analysis)

• Risk assessment (identify the risk, risk analysis, and risk evaluation)

• Risk treatment (business continuity strategy)

• Incident management process

• Business continuity management and plans (BCPs)

• BCM exercising and testing

• Documented management system (standard requirements and from the organization)

Day 3 – Guidance and Audit: Simulating Audit Planning & Preparation

• Roles and responsibilities in an audit

• Management performance evaluation and continual improvement requirements

• Different types of audit

• Audit programme and purpose

• Planning an audit (initiate the audit, feasibility analysis)

• Conduct a Stage 1 audit (document review)

• Preparation for Stage 2 (on-site) audit - audit plan

• Preparation of audit work documents including checklist and audit trails

Day 4 – Audit Simulation: On-site Audit Activities & Role-play

• Opening meeting

• Roleplay for audit scenarios

• Practice audit skills of collecting audit evidence

• Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)

• Prepare audit report

Day 5 – Audit Simulation: Closing Meeting, Follow-up & Certification

• Audit conclusion

• Closing meeting

• Audit follow-up

• Evaluating correction, corrective action, including root cause analysis and audit finding closure

• Management system certification

• Course summary and examination