Scribd Logo
Upload

Welcome to Scribd!

  • 177 views

    Iso 22301 Auditor Checklist Template: Context

    Uploaded by

    Lilia Patricia Rojas Rodríguez
    This document is an auditor checklist template for assessing an organization's readiness for ISO 22301 Business Continuity Management System (BCMS) certification. It contains requirements in several areas including context, leadership, planning, support, operations, procedures, evaluation, and improvement. For each requirement, organizations can indicate their compliance status and provide remarks. The checklist contains over 50 individual requirements across the various areas to help organizations evaluate the robustness of their business continuity program.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd

    Iso 22301 Auditor Checklist Template: Context

    Uploaded by

    Lilia Patricia Rojas Rodríguez
    177 views5 pages
    This document is an auditor checklist template for assessing an organization's readiness for ISO 22301 Business Continuity Management System (BCMS) certification. It contains requirements in several areas including context, leadership, planning, support, operations, procedures, evaluation, and improvement. For each requirement, organizations can indicate their compliance status and provide remarks. The checklist contains over 50 individual requirements across the various areas to help organizations evaluate the robustness of their business continuity program.

    Original Title

    IC-ISO-22301-Audit-Checklist-10830

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document is an auditor checklist template for assessing an organization's readiness for ISO 22301 Business Continuity Management System (BCMS) certification. It contains requirements in several areas including context, leadership, planning, support, operations, procedures, evaluation, and improvement. For each requirement, organizations can indicate their compliance status and provide remarks. The checklist contains over 50 individual requirements across the various areas to help organizations evaluate the robustness of their business continuity program.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Download as xlsx, pdf, or txt
    177 views5 pages

    Iso 22301 Auditor Checklist Template: Context

    Uploaded by

    Lilia Patricia Rojas Rodríguez
    This document is an auditor checklist template for assessing an organization's readiness for ISO 22301 Business Continuity Management System (BCMS) certification. It contains requirements in several areas including context, leadership, planning, support, operations, procedures, evaluation, and improvement. For each requirement, organizations can indicate their compliance status and provide remarks. The checklist contains over 50 individual requirements across the various areas to help organizations evaluate the robustness of their business continuity program.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Download as xlsx, pdf, or txt
    of 5

    ISO 22301 AUDITOR CHECKLIST TEMPLATE

    Use this self-audit questionnaire to gauge how ready your organization is to apply for ISO 22301 Business Continuity Management System (BCMS) certification. If your
    organization is not applying to be certified, you should still use the questionnaire to assess the robustness of your business continuity program.

    REQUIREMENT IN COMPLIANCE? REMARKS

    Context

    Do you understand the internal and external actors that can influence your
    organization’s business continuity requirements?

    Do you understand the risks and opportunities associated with your


    organization’s context?

    Do you understand and regularly monitor the expectations of interested


    parties, such as customers, suppliers, employees, or regulatory bodies, in
    your business continuity plan?

    Do you understand the regulatory or legal requirements that influence


    business continuity?

    Leadership

    Is top management committed to championing your organization’s business


    continuity management system (BCMS)?

    Does top management communicate the value of your BCMS internally and
    externally?

    Have you set and documented measurable business continuity plan


    objectives?

    Do the BCMS policy and objectives align with the mission and strategy of
    the organization?

    Do the individuals and roles responsible for leading continuity management


    have adequate skills and experience?

    Planning

    Have you determined the risks to and opportunities for your organization?

    Do you have a plan to tackle these risks and opportunities?

    Do your business systems incorporate any pertinent elements of the


    continuity plan?

    Have you told your whole organization about these objectives and discussed
    how the whole organization might help to achieve them?

    Support

    Have you identified the people, tools, equipment, finances, and other
    resources you need to stand up, run, maintain, and continually improve your
    BCMS?
    Does everyone involved in the BCMS have experience or training to
    perform well in their roles, or do they need training?

    Do you have a documentation system for both internal and external


    documents and do you have a change control process?

    Can employees and external stakeholders easily find the documentation


    they need when they need it?

    Operation

    Do you have a process to determine if the BCMS needs changes as well as a


    process to implement those changes?

    Are contractors and outsourced labor informed of business continuity


    requirements and solutions?

    Is a business impact analysis (BIA) scheduled regularly?

    Based on the BIA, have you prioritized which activities should resume first
    after a disruptive event? (This metric is also known as the recovery time
    objectives.)

    Have you determined the minimum levels for prioritized activities?

    Have you created a BCMS strategy (including dependencies and required


    resources) that focuses on supporting priority activities?

    Have you analyzed the business continuity capabilities of your suppliers?

    Have you listed the following key organization resources in your plan?

    Personnel

    Infrastructure

    Facilities

    Information

    Data

    IT

    Supplies

    Transportation

    Finance
    Other

    Have you considered approaches to help prevent (or reduce the length and
    impact of) the disruptions that can be caused by the risks you’ve identified?

    Have you documented and implemented your business continuity


    procedures?

    Did you create internal and external protocols to communicate about


    business continuity issues?

    Have you created an incident response structure to identify management and


    personnel who will respond to disruptive events?

    Procedures

    Do you have a procedure for detecting disruptive incidents?

    Do you have a procedure for making detailed reports on disruptive


    incidents, including articulating the steps and decisions that would lead up
    to an event?

    Do you have a procedure for recording actions and decisions in response to


    an incident?

    Do you have a procedure to receive and respond to warnings about possible


    events?

    Have you documented plans for restoring operations after an event? Do


    these plans contain all the information and procedures needed by the
    personnel who will use them?

    Do you have a procedure to secure people and infrastructure immediately


    after an event?

    Do you have a procedure to communicate internally and externally after an


    event?

    Do you have a procedure to switch from a temporary response to regular


    business operations?

    Do you regularly test your business continuity procedures using well-


    developed scenarios?

    Does your organization prepare after-action reports to detail what went well
    and what didn’t go well in business continuity system exercises?

    Evaluation

    Do you know what in your continuity system you must measure and
    monitor? Who will monitor the system and how often? What are the
    measurement methods?

    Do you document the results of periodic monitoring?

    Are internal audits scheduled to ensure conformity to ISO 22301 and your
    organization’s BCMS plan?

    Have you created an internal audit process?


    Do you document and retain audit results and report them to management?

    Improvement

    Have you created robust processes to manage nonconformities and to


    implement corrective action?

    Does top management regularly review and suggest improvements to the


    BCMS?
    Any articles, templates, or information provided by Smartsheet on the website are for reference
    only. While we strive to keep the information up to date and correct, we make no
    representations or warranties of any kind, express or implied, about the completeness,
    accuracy, reliability, suitability, or availability with respect to the website or the information,
    articles, templates, or related graphics contained on the website. Any reliance you place on
    such information is therefore strictly at your own risk.

    This template is provided as a sample only. This template is in no way meant as legal or
    compliance advice. Users of the template must determine what information is necessary and
    needed to accomplish their objectives.

    You might also like