International Management System Institute
MSP Course #6 - ISO 22301:2019 Business Continuity
Introduction ISO 22301
ISO 22301 - Introduction and Overview
ISO 22301 Clause 4: Context
Lesson 1, ISO 22301 - Clause 4: Context
Quiz #1 - ISO 22301 Clause 4 Context
ISO 22301 Clause 5: Leadership
Lesson 2, ISO 22301 - Clause 5: Leadership
Quiz #2 - ISO 22301 Clause 5 Leadership
ISO 22301 Clause 6: Planning
Lesson 3, ISO 22301 - Clause 6 Planning
Quiz #3 - ISO 22301 Clause 6 Planning
ISO 22301 Clause 7: Resources
Lesson 4, ISO 22301 - Clause 7 Resources
Quiz #4 - ISO 22301 - Clause 7 Resources
ISO 22301 Clause 8: Operations
Lesson 5a, ISO 22301 - Clause 8.1-8.2 Operations
Quiz #5a, ISO 22301 - Clause 8.1-8.2 Operations
Lesson 5b, ISO 22301 - Clause 8.3 Operations
Quiz #5b, ISO 22301 - Clause 8.3 Operations
Lesson 5c, ISO 22301 - Clause 8.4 Business Continuity Plans and Procedures
Quiz #5c, ISO 22301 - Clause 8.4 Business Continuity Plans and Procedures
Lesson 5d, ISO 22301 - Clause 8.5 Exercise programme -8.6 Evaluation of Business Continuity Documentation and Capabilities
Quiz #5d, ISO 22301 - Clause 8.5-8.6
ISO 22301 Clause 9: Performance Evaluation
Lesson 6, ISO 22301 - Clause 9 Performance Evaluation
Quiz #6, ISO 22301 - Clause 9 Performance Evaluation
ISO 22301 Clause 10: Improvement
Lesson 7, ISO 22301 - Clause 10 Improvement
Quiz #7, ISO 22301 - Clause 10 Improvement
Claim Your Certificate
BACK TO IMSIPRO.ORG
Quiz #5a, ISO 22301 – Clause 8.1-8.2 Operations
In order for an organization to plan, implement and control the processes needed to meet ISO 22301 requirements they will need to…
establish criteria for the processes of the management system.
identify employees who may want to harm the operating system.
implement control of the processes in accordance with the criteria they have set.
keep enough documented information to have confidence that the processes have been carried out as planned and get the results that they want.
None of the above – cyber attacks cannot be predicted and can happen any time – planning is futile.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary
To build a Business Continuity Management System, an organization will:
establish criteria for the business continuity processes.
implement control s for the processes in accordance with the criteria in a).
keep documented information that they need in order to have confidence that the processes have been carried out as planned and are getting the results that they want.
control planned changes and review the consequences of unintended changes.
take action to resolve any adverse or unwanted results , whenever necessary.
The process for analyzing business impacts to determine business continuity priorities and requirements must…
define the impact types and criteria relevant to the organization’s context.
identify the activities that support the provision of products and services.
use the impact types and criteria for assessing the impacts over time resulting from the disruption of these activities.
identify the time frame within which the impacts of not resuming activities would become unacceptable t o the organization ( maximum tolerable period of disruption – MTPD).
set priorities within the time identified in d) for resuming disrupted activities ( Recovery Time Objective – RTO).
The organization shall have a risk assessment process where they…
identify the risks of disruption to the organization’s prioritized activities and to their required resources.
assess the salary impacts of becoming better at business disruptions.
analyze and evaluate the identified risks of disruption.
determine which risks require treatment.
force every employee and subcontractor to assess their risks every day and report their findings.