ISO 22301 Training Programme – Business Continuity Management System (BCMS)

Below you will find a comprehensive, professional ISO 22301 training programme, prepared in the JDA Advisory style: practical, operational, with a focus on real-world implementation, operational resilience, testing, BIA, risk, and audit preparation.

Training objectives:

• Integration of the BCMS with DORA, NIS-2, ISO 27001 and cybersecurity.
• Understanding the requirements of ISO 22301:2019.
• The ability to translate requirements into BCMS processes, roles and documentation.
• Preparing the organisation for the implementation and certification of a business continuity management system.

Module 1. Introduction to ISO 22301

• What is a BCMS and why is it crucial for an organisation’s resilience?
• The structure of the ISO 22301 standard (Annex SL).
• Differences between ISO 22301 and DORA/NIS-2/ISO 27001.
• Key concepts: RTO, RPO, MTPD, BIA, RA, scenarios, critical assets.
• Common mistakes organisations make when implementing a BCMS.

Module 4. Risk Assessment (RA) for Business Continuity

• Identification of threats and vulnerabilities.
• Assessment of operational risk and resilience.
• Integration of RA with BIA.
• Risk register and risk treatment plan.
• Links to DORA ICT Risk Management.

Module 7. Testing, exercises, and reviews

• Types of tests: tabletop exercises, simulations, technical tests, and full-scale simulations.
• How to plan and document BCMS tests.
• Effectiveness assessment and corrective actions.
• DORA and NIS-2 requirements regarding resilience testing.

Module 2. Organisational context and BCMS governance

• Analysis of the context and stakeholders.
• Scope of the BCMS – how to define it correctly.
• Roles and responsibilities (BCM Manager, process owners, emergency response teams).
• Business continuity policy.
• Integration of the BCMS with other management systems.

Module 5. Business continuity strategies

• How to select recovery and continuity strategies.
• Alternative locations, redundancies, outsourcing, automation.
• Strategies for ICT, business processes, human resources and suppliers.
• Examples of implementations across various sectors.

Module 8. Monitoring, measurement, and improvement of the BCMS

• KPIs/KRIs for business continuity.
• Monitoring the effectiveness of strategies and plans.
• Management review.
• Continuous improvement and updating of the BCMS.

Module 3. Business Impact Analysis (BIA)

• Objectives and scope of the BIA.
• Identification of critical processes and dependencies.
• Determination of parameters: RTO, RPO, MBCO, MTPD.
• Analysis of the impact of outages and prioritisation of processes.
• Workshop: conducting a simplified BIA for a selected process.

Module 6. Business continuity plans and contingency plans

• Structure of BCP/DRP plans.
• Emergency response, recovery and communication procedures.
• Roles and emergency response teams.
• Required records, instructions and checklists.
• Sample templates.

Module 9. ISO 22301 audit and preparation for certification

• Internal audit in accordance with ISO 19011.
• A step-by-step guide to the certification audit.
• The most common non-conformities and how to avoid them.
• How to prepare evidence of compliance.