BCMS ISO 22301:2019 Lead Auditor (Business Continuity Management Systems) Training Course

Floods, cyber-attacks, IT breakdowns, supply chain issues or loss of skilled staff are just some of the possible threats to the smooth running of an organization. If not addressed effectively, they can cause disruption or even business failure. Consistent planning for what to do when disaster strikes means a more effective response and a quicker recovery. 

ISO 22301, Security and resilience – Business continuity management systems – Requirements, was the world’s first International Standard for implementing and maintaining effective business continuity plans, systems and processes when it was published in 2012. Now it has been revised to bring it up to date with the latest thinking and best practice.

Who is ISO 22301 for?

ISO 22301 is applicable to all organizations, regardless of size, industry or nature of business. It is also relevant to certification and regulatory bodies as it enables them to assess an organization’s ability to meet its legal or regulatory requirements.

Based on ISO’s High-Level Structure (HLS), it aligns with many other internationally recognized management system standards, such as ISO 9001 (quality management), ISO/IEC 27001 (information security management) and ISO 14001 (environmental management). As such, it is designed to be integrated into an organization’s existing management processes.

ISO 22301 is useful for business continuity and risk professionals, supply chain directors, audit managers and associates, developers of corporate social responsibility reports, regulatory bodies and anyone else involved or interested in business continuity.

What are the benefits for my business?

ISO 22301 brings together international best practice to help organizations respond to, and recover from, disruptions effectively. This means reduced costs and less impact on business performance should something go wrong. What’s more, companies with multiple sites or divisions can rely on the same consistent approach throughout the entire organization.

Other benefits include:

    • The ability to reassure clients, suppliers, regulators and other stakeholders that the organization has sound systems and processes in place for business continuity
    • Improved business performance and organizational resilience
    • A better understanding of the business through analysis of critical issues and areas of vulnerability

ISO 22301 also gives a clear and detailed view of how an organization operates, offering valuable insights that are useful for strategic planning, risk management, supply chain management, business transformation and resource management.

Course Introduction 

This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Business Continuity Management Systems (BCMS) Lead Auditor Training Course (Registered Course ID: 2396) is part of the internationally recognized CQI/IRCA BCMS Auditor Certification programme.

The successful completion of this course is a prerequisite and essential to becoming a CQI/IRCA BCMS registered Auditor.  

To participate in this training course, the following prior knowledge is expected:

a) Management Systems

    • The Plan, Do, Check, Act (PDCA) cycle
    • The core elements of a management system and the interrelationship between top management responsibility, policy, objectives, planning, implementation, measurement, review, and continual improvement.

b) Business Continuity Management

    • Conducting business impact analysis and risk assessment, developing business continuity strategies and solutions, and implementing business continuity plans and procedures.
    • The relationship between business continuity management, an organisation’s wider risk management arrangements and an organisation’s overall ability to continue to operate during disruptions, and between business continuity management and the proactive improvement of business continuity performance.

c) ISO 22301

    • Knowledge of the requirements of ISO 22301 and the commonly used business continuity management terms and definitions, as given in ISO 22301, which may be gained by completing a CQI and IRCA Certified ISO 22301 Foundation BCMS training course or equivalent.

Note: You are advised that course examination questions can relate to any requirement of ISO 22301 and the expected prior knowledge. For delegates who do not have this knowledge, we recommend attending our Foundation training course.

Who should attend?

This course is intended for those who will be involved in leading audits of a BCMS that conforms to ISO 22301 in any organization.

Suggested job functions and their teams include:

    • Those wishing to implement a BCMS in accordance with ISO 22301
    • Management professionals who operate emergency response services, i.e. data center, help desk, problem management
    • The existing auditor who wants to expand their auditing skills 
    • Consultants who wish to provide advice on ISO 22301 implementation
    • IT and corporate security managers
    • Corporate governance managers
    • Risk and compliance managers

Learning objectives

    • Learn how to explain the purpose and business benefits of a BCMS, of BCMS standards, of management system audit and of third-party certification
    • Learn how to explain the role of an auditor to plan, conduct, report, and follow up a BCMS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)
    • Learn how to plan, conduct, report and follow up an audit of a BCMS to establish conformity (or otherwise) with ISO 22301 in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

    • Your organization will have an internal resource and process to be able to conduct its own audit of its BCMS to assess and improve conformance with ISO 22301
    • You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of a BCMS in any organization
    • Successful auditing will improve the business continuity capability and quality to meet market assurance and corporate governance needs
    • Understand how to identify gaps in a BCMS
    • Accurate audits will be able to provide continuous improvement to a management system
    • Meet training requirements for IRCA auditor certification

Course outline

Day 1, Business continuity management systems knowledge (ISO 22301)

    • Terms and definitions 
    • Management system structure (MSS) and process approach (PDCA)
    • Understanding of organization, interests and their requirements 
    • Management system scoping 
    • Top management leadership, management system policy and objectives 
    • Support the management system
    • Documented management system (standard requirements and from the organization)  
    • BCMS Operation
      • Business risk management requirements and process (BIA, business impact analysis)
      • Risk assessment (identify the risk, risk analysis, and risk evaluation)
      • Risk treatment (business continuity strategy)

Day 2, Business continuity management systems knowledge (ISO 22301) 

    • BCMS Operation (cont.)
      • Incident management process
      • Business continuity management and plans (BCPs)
      • BCM exercising and testing
    • Management system performance evaluation
      • Monitoring, Measurement, Analysis and Evaluation process
      • Audit
      • Management Review
    • Management continual improvement processes

Day 3, Guidelines for auditing management systems (ISO 19011) - Audit simulation: the process of planning and preparing for an audit

    • Roles and responsibilities in an audit
    • Management system performance evaluation and continual improvement requirements
    • Different types of audit
    • Audit programme and purpose
    • Planning an audit (initiate the audit, feasibility analysis)
    • Conduct a Stage 1 audit (document review)
    • Preparation for Stage 2 (on-site) audit - audit plan
    • Preparation of audit work documents, including checklists and audit trails

Day 4, Guidelines for auditing management systems (ISO 19011) - Audit simulation: the opening meeting, on-site audit activities, and role-play

    • Opening meeting
    • Role-play for audit scenarios
    • Practice audit skills of collecting audit evidence
    • Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)
    • Prepare audit report

Day 5, Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing the on-site audit (closing meeting and follow-up)

    • Audit conclusion
    • Closing meeting
    • Audit follow-up
    • Evaluating corrections and corrective actions, including root cause analysis, and audit finding closure
    • Management system certification
    • Course summary and examination

What's included?

    • Course material
    • Course certificate

Organizational information

    • Course information and joint instruction

Please contact us for more information or support: info@tksg.global

Last modified: Wednesday, 28 June 2023, 8:09 PM