MSP Course #6 - ISO 22301:2019 Business Continuity


As competition continues to escalate and world events disrupt trade, we need to be more ready than ever for surprises in order to ensure business continuity. The year 2020 proved to be a colossal test for ‘business continuity’ in every single sector. No exceptions. With this in mind, we can now see the tremendous advantage of having implemented a ‘Business Continuity Management System’. A formal approach to help us sleep at night!


METHODOLGY After you take the online course, if your organization would benefit from having a customized course, we can develop one for you.

It could be structured like this: First week of instruction: Monday – Thursday – Four online sessions of 3 hours each day, 12 hours total. We use the IMSI 80/20 Model: 20% Instructor lecturing, and 80% exercises. ZOOM lets us create break-out rooms so 2 or 3 people can work together on exercises. Then a three week Break to do the project. Students will be working together in the ‘Forum’ to share ideas and complete the project as a team or helping each other. Participants can access the Instructor with questions and/or talk to each other.Project will be specific to each organization and will be designed to improve the effectiveness of their management system, no matter what kind of system it is.


Certificates of Attendance are presented after the course and Certificate of Competence after completion of a successful project.


In order to gain this confidence in our sustainability, we will examine:

  1. Terms and definitions [Clause 3]
  2. Context of the organization [Clause 4]
    • Understanding the organization and its context [4.1]
    • Understanding the needs and expectations of Interested Parties [4.2]
    • Business continuity management system [4.3]
  3. Leadership [Clause 5]
    • Leadership and commitment [5.1]
    • Continuity management policy [5.2]
    • Organizational roles, responsibilities and authorities [5.3]
  4. Planning [Clause 6]
    • Actions to address risks and opportunities [6.1]
    • Business continuity objectives and action plans to meet them [6.2]
  5. Support [Clause 7]
    • Resources [7.1]
    • Competence [7.2]
    • Awareness [7.3]
    • Communication [7.4]
    • Documented information [7.5]
  6. Operation [Clause 8]
    • Operation planning and control [8.1]
    • Business Impact Analysis and Risk Assessment [8.2]
    • Business Continuity Strategies and Solutions [8.3]
    • Business Continuity Plans and Procedures [8.4]
    • Exercise Program [8.5]
    • Evaluation of Business Continuity Documents and Capability
  7. Performance evaluation [Clause 9]
    • Monitoring, measurement, analysis and evaluation [9.1]
    • Internal audit [9.2]
    • Management review [9.3]
  8. Improvement [Clause 10]
    • Non-conformity and corrective action [10.1
    • Preventive action [10.2]
    • Continual improvement [10.3]

Application Work at participants’ sites

  • Determine how the terms and definitions apply in their organization [Clause 3]
  • Identify the organization’s context and interested parties [4.1, 4.2]
  • Create Leadership awareness of their requirements to demonstrate commitment to the management of assets [5.1]
  • Document a Business Continuity Policy [5.2]
  • Create a current organizational chart [5.3]
  • Establish a method for risk identification and mitigation [6.1]
  • Determine Business Continuity targets and create action plans to meet them [6.2]
  • Assess the capability of the current support for the management system [7.1]
  • Evaluate current competence [7.2], awareness [7.3], communication [7.4] and documented information [7.5]
  • Follow the workflow and identify area that are critical to operations and susceptible to interruptions [8.1, 8.2]
  • Develop Continuity strategies and solutions that meet the requirements of the Standard [8.3]
  • Identify gaps in Business Continuity ‘Plans and Procedures’ [8.4]
  • Create an ‘Exercise program’ [8.5]
  • Evaluate business continuity documentation and capabilities
  • Develop a plan for measuring the strength of business continuity capabilities [9.1]
  • Assess the organization’s process for conducting Internal Audits [9.2] and Management Review [9.3] and close any gaps
  • Determine whether the Corrective [10.1] and Preventive [10.2] action activities are adequate and close any gaps (Continual Improvement [10.3])


  • The organization will be able to apply the terms and definitions of ISO 22301
  • Context and interested parties (and their requirements) will have been identified
  • Leadership will be aware of their requirements to demonstrate commitment and the organizational structure will be formalized
  • Risk planning and asset management targets will be completed, and related activities established and assigned
  • Resource assessment will be completed
  • End-to-end workflow and relevant dangers or weak spots will have been documented in flowcharts and process maps
  • An assessment will have been conducted on the effectiveness of the ‘Business Continuity plans, procedures, documents and capabilities’ – requirements recommended and adjustments planned where necessary
  • An internal audit and management review will have been completed (or at least planned)
  • Opportunities for improvement will have been identified

Course Curriculum

Start Next Lesson ISO 22301 - Introduction and Overview