Audit ISO 22301 checklist

Audit ISO 22301 checklist – Gain a competitive edge through effective business continuity management.

Discover the key advantages and unique benefits of implementing ISO 22301 in your organisation.

Audit ISO 22301 checklist – Comprehensive audit checklist.

Detailed guidance for assessing compliance with the standard’s requirements and preparing for the audit.

Audit ISO 22301 checklist – Practical tools for risk management.

Solutions that enable the identification and mitigation of potential risks to business continuity.

Support in meeting the requirements of ISO 22301.

Support in adapting organisational processes to ensure the resilience and stability of the company’s operations.

Effective business continuity management for your organisation.

We outline the key challenges in business continuity management and explain how our checklist helps to overcome them.

Risk and hazard assessment

A thorough risk analysis enables the rapid identification and elimination of potential threats to the business.

Incident response planning

Developing effective procedures that turn crises into manageable situations, thereby minimising losses.

Implementation and monitoring

Implementing business continuity strategies that remove obstacles and enhance the organisation’s resilience.

Training and team development

Regular training and audits to ensure the continuous improvement of skills and the effectiveness of the business continuity management system.

View the detailed ISO 22301 audit checklist.

This website offers practical guidance and tools to help you meet the requirements of the business continuity management standard.

The basics of ISO 22301

An overview of the standard’s key requirements and their practical application within the organisation.

Preparing for the audit

An analysis of the processes and procedures necessary for effective business continuity management.

Tools and support

An overview of the tools and methods available to support ISO 22301 audits.

How to conduct an ISO 22301 audit

A step-by-step guide to the ISO 22301 audit, providing practical tools and guidance for organisations seeking to meet the requirements of the business continuity standard.

Step one: Preparing for the audit

An overview of the key preparatory steps that will lay a solid foundation for the successful conduct of an ISO 22301 compliance audit.

Step two: Conducting the audit

A detailed description of the audit process, outlining the methods used to gather evidence and assess compliance with the requirements of ISO 22301.

Step three: Analysis and reporting of results

Guidance on how to interpret audit findings and prepare a report containing recommendations for improving business continuity management.

Start your ISO 22301 audit and safeguard your company’s future.

We encourage you to review our detailed checklist, which will help you prepare for your ISO 22301 audit and meet the requirements for business continuity management. Make use of our practical tips and tools to streamline your processes and enhance your organisation’s resilience.

CHECKLIST – ISO 22301 (BCMS) AUDIT – JDA ADVISORY

1. Organisational context (point 4)
4.1 Understanding the organisation and its context

Assessment criteria:

  • Identification of internal and external factors
  • Linking the context to operational risks and business continuity

Audit questions:

  • Has the organisation identified the factors influencing the BCMS?
  • Is the context updated periodically?
  • Does the context feed into the BIA, the TRA and the plans?

Evidence: context analysis, risk registers, strategic documents.

4.2 Interested parties

Criteria:

  • Identification of stakeholders
  • Determining their business continuity requirements

Questions:

  • Have stakeholders and their requirements been identified?
  • Is the list up-to-date?

Evidence: party register, regulatory requirements, SLAs.

4.3 Scope of BCMS

Criteria:

  • Clearly defined scope
  • Linked to processes, locations, systems, and suppliers

Questions:

  • Is the scope adequate to operational reality?
  • Does it cover critical processes?

Evidence: scope document, process map, IT architecture.

4.4 BCMS

Criteria:

  • Establishing, implementing, maintaining and improving the BCMS

Questions:

  • Is the BCMS formally established?
  • Are there roles and responsibilities?

Evidence: policies, procedures, RACI.

2. Leadership (point 5)
5.1 Management commitment

Criteria:

  • Active BCMS support
  • Providing resources

Questions:

  • Does management participate in BCMS reviews?
  • Does it provide resources for testing and recovery?

Evidence: minutes, board decisions.

5.2 Business Continuity Policy

Criteria:

  • Timeliness, approval, communication

Questions:

  • Is the policy known to employees?
  • Does it reflect the BCMS objectives?

Evidence: policy document, communications to staff.

5.3 Roles and responsibilities

Criteria:

  • Clearly assigned roles
  • Critical process owners

Questions:

  • Are roles defined and assigned?
  • Is there a crisis team?

Evidence: RACI, job descriptions.

3. Planning (point 6)
6.1 Risks and opportunities

Criteria:

  • TRA methodology
  • Linking risks to plans

Questions:

  • Is the TRA up to date? Are risks monitored?

Evidence: TRA, risk register.

6.2 Business Continuity Objectives

Criteria:

  • Measurability
  • Linking to KPIs/KRIs

Questions:

  • Are the goals measurable and monitored?

Evidence: dashboards, reports.

4. Support (point 7)
7.1 Resources

Questions:

  • Are resources adequate to implement BCMS?

Evidence: budgets, resource plans.

7.2 Competences

Questions:

  • Do employees have the competencies to implement BCP/DRP?

Evidence: competency matrices, training.

7.3 Awareness

Questions:

  • Do employees know their roles in a crisis?

Evidence: knowledge tests, awareness campaigns.

7.4 Communications

Questions:

  • Is there a crisis communications plan?

Evidence: procedures, contact lists.

7.5 BCMS documentation

Questions:

  • Are documents monitored and updated?

Evidence: document register.

5. Operational activities (point 8)
8.1 Operational planning and control

Questions:

  • Are BCM processes defined and operational?

Evidence: procedures, logs, registers.

8.2 BIA – Business Impact Analysis

Criteria:

  • Identification of critical processes
  • RTO, RPO and MTPD values for each critical process
  • Dependencies (IT, people, suppliers, locations)

Questions:

  • Is the BIA up to date?
  • Are the RTOs/RPOs realistic?

Evidence: BIA, dependency maps.

8.3 TRA – Disruption Risk Assessment

Questions:

  • Does the TRA consider disruption scenarios?
  • Do TRA results impact plans?

Evidence: TRA, risk register.

8.4 Business Continuity Strategy

Questions:

  • Are the strategies adequate to the BIA/TRA results?

Evidence: strategies, management decisions.

8.5 Business Continuity Plan (BCP)

Questions:

  • Are the plans complete, up-to-date, and feasible?
  • Do they include roles, procedures, communication, and scenarios?

Evidence: BCP, operational instructions.

8.6 IT Recovery Plans (DRP)

Questions:

  • Is the DRP aligned with the RTO/RPO?
  • Is DR testing being performed?

Evidence: DRP, test logs.

8.7 Supplier Management

Questions:

  • Do critical suppliers have BCM requirements?
  • Are SLAs monitored?

Evidence: contracts, supplier register, monitoring results.

8.8 Tests and exercises

Questions:

  • Are tests planned and implemented?
  • Do test results lead to corrective actions?

Evidence: test plans, reports, NC records.

6. Performance evaluation (point 9)
9.1 Monitoring and measurement

Questions:

  • Are there KPIs/KRIs for the BCMS?
  • Are they reported?

Evidence: dashboards, reports.

9.2 Internal audit

Questions:

  • Are audits being conducted as planned?
  • Are corrective actions being implemented?

Evidence: audit reports, NC.

9.3 Management review

Questions:

  • Does the management review cover all required elements?

Evidence: minutes, decisions.

7. Improvements (point 10)
10.1 Non-conformities and corrective actions

Questions:

  • Are non-conformities recorded and analysed? Are the corrective actions effective?

Evidence: NC register, root cause analysis.

10.2 Continuous improvement

Questions:

  • Is the organisation continually improving its BCMS?

Evidence: roadmaps, initiatives.

8. Assessment statuses

N/A – not applicable

OK – compliant

OBS – observation

MINOR NC – minor non-conformity

MAJOR NC – major non-conformity