Business Continuity Management Systems (BCMS, ISO 22301:2019) Internal Auditor Training Course
Through the management system auditing and certification, the organization can demonstrate its ability on legal, legislation (i.e. Emergency, Transportation, Financial, Utility service availability regulations), standards (i.e. ISO, IEC, IEEE), contractual obligation (i.e. 7x24 services, Supply Chain Continuity), policy and procedures compliance.
Also, the competence to plan, operation and continual improvements the management system to control the risks and achieve its expected outcome.
The successful completion of this course is pre-requisite and essential to becoming a BCMS (ISO 22301, Business Continuity Management Systems) Internal Auditor.
To participate in this training course, the following prior knowledge was expected:
- Knowledge of Management System Compliance (ISO 19600)
- Process approach (Plan-Do-Check-Act)
- Business overall compliance risk management (ISO 31000), includes legal, legislation, contractual obligations, standards, policies and procedures.
- Top management leadership, other roles and responsibilities to support management system
- Consideration of planning a management system - identify the organizational and technical measures to manage the identified risk
- Supporting required by the management system
- Management system operation consideration - monitoring, reporting and communicating
- Performance evaluation of a management - objectives evaluation, Internal Audits, and Management Review
- Continually improve the effectiveness of a management system
- Knowledge of Business Continuity management principles and concepts includes but not limited to:
- The purpose and benefits of a business impact analysis (BIA)
- The principals of risk assessment and analysis
- Typical business continuity strategies
- Business continuity response options
- Recovery procedures
- BCMS performance metrics, monitoring and performance measurement
- BCP exercise and testing methodologies
- Management system audit (ISO 19011)
- Audit programme management
- Initial the audit
- Prepare for an audit
- Document review
- Preparing for an on-site audit
- Audit skills
- Conducting on-site audit
- Preparation of Audit evidence and findings
- Audit report
- Audit follow-up
- ISO 22301: Knowledge of the requirements of ISO 22301 (with ISO 22313) and the commonly used business continuity management terms and definitions, as given in ISO 22300.
- Understand the management system certification requirements, i.e. ISO/IEC 17021-1 Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements
Note. You are advised that course examination questions can relate to any requirement of ISO 22301 and the expected prior knowledge. For delegates who do not have these, we recommend attending our Foundation training course.
Who should attend?
This course is intended for those who will be involved in leading audits of a BCMS that conforms to ISO 22301:2012 in any organization.
Suggested job functions and their teams include:
- Those wishing to implement a BCMS in accordance with ISO 22301
- Management professional who operate emergency response services, i.e. data center, help desk, problem management
- The existing auditor who wants to expand their auditing skills
- Consultants who wish to provide advice on ISO 22301 implementation
- IT and corporate security managers
- Corporate governance managers
- Risk and compliance managers
- Learn how to explain the purpose and business benefits of a BCMS, of BCMS standards, of management system internal audit.
- Learn how to explain the role of an auditor to plan, conduct, report, and follow-up a BCMS internal audit in accordance with ISO 19011.
- Learn the how to plan, conduct, report and follow-up an internal audit of a BCMS to establish conformity (or otherwise) with ISO 22301 in accordance with ISO 19011.
- Your organization will have an internal resource and process to be able to conduct its own internal audit of its BCMS to assess and improve conformance with ISO 22301
- You will gain a professional qualification that certifies that you have the knowledge and skills to be able to conduct an internal audit of a BCMS.
- Successful auditing will improve the business continuity capability and quality to meet market assurance and corporate governance needs
- Understand how to identify gaps in an BCMS system
- Accurately audit will be able to provide continuous improvement to a management system
Day 1, Management systems knowledge (ISO 22301)
Overview to management system structure (MSS) and process approach (PDCA) - ISO 22301
- Understand the organization's compliance risk
- Management systems and PDCA
- Management system internal audit requirements and process
- Auditor responsibilities
- Planning the audit (i.e. audit plan, checklist, and notes)
Day 2, Guidelines for auditing management systems (ISO 19011)
- Conducting the audit (includes opening meeting, audit skills, collect audit evidence, and audit findings)
- Report and close the audit (includes audit conclusion, audit report and closing meeting)
- Follow up the audit
- Course summary / Q&A / Course examination
- Course material
- Course examination
- Course certificate