[Note: This is a partial preview. To download this presentation, visit: https://www.oeconsulting.com.sg/training-presentations] ISO 22301:2019 is the latest security and resilience - business continuity management system (BCMS) international standard. This new standard replaces the old ISO 22301:2012. Organizations certified to the 2012 version must transition to the 2019 version by October 31, 2022. The intent of ISO 22301:2019 is to provide a framework for a holistic, strategic approach to an organization's business continuity policy, plans and actions. The benefits of implementing the ISO 22301:2019 framework include minimized downtime during incidents and improved recovery time. Diseases such as COVID-19, floods and cyber attacks have compelled all companies and organizations to assess their business continuity plans and systems so as to keep their businesses running and minimize disruptions. This presentation can be used to brief management and staff, new hires and potential auditees so as to create awareness of the ISO 22301:2019 standard. Alternatively, the presentation may be used to supplement your materials for the training of BCMS professionals and internal auditors. LEARNING OBJECTIVES 1. Provide background knowledge on ISO 22301:2019 2. Gain an overview of ISO 22301:2019 structure and the certification process 3. Gather useful tips on handling an audit session CONTENTS 1. Overview of ISO 22301:2019 About ISO Introduction to ISO 22301:2019 What is ISO 22301:2019? Development of ISO 22301:2019 Objective of ISO 22301:2019 What Improvements were made to ISO 22301:2019? Who Can Use ISO 22301:2019 How Does ISO 22301:2019 Work? Benefits of ISO 22301:2019 Advantages of Certification 2. ISO 22301:2019 Structure Annex L - Implications Overview of Annex L The ISO 22301:2019 Structure is Aligned to the Common Structure for MSS The Plan-Do-Check-Act (PDCA) Cycle ISO 22301:2019 Approach is Based on the PDCA Cycle ISO 22301:2019 Structure - Context of the Organization - Leadership - Planning - Support - Operation - Performance Evaluation - Improvement 3. ISO 22301:2019 Certification Becoming ISO 22301:2019 Certified ISO 22301:2019 Certification Transition Timeline The ISO 22301:2019 Certification Audit Process Audit Findings 4. Handling the Audit Session Rights of Auditee Rights of Auditor How to Handle the Audit Session? Auditee's Conduct Do's Don'ts To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations

1. © Operational Excellence Consulting. All rights reserved.
ISO 22301:2019
SECURITY & RESILIENCE:
Business Continuity Management Systems
© Operational Excellence Consulting. All rights reserved.

2. © Operational Excellence Consulting. All rights reserved. 2
Learning Objectives
Provide
background
knowledge of
ISO 22301:2019
Gain an
overview of the
ISO 22301:2019
structure
Understand the
ISO 22301:2019
certification
process
Learn useful tips
on handling an
audit session
NOTE: As this is a PREVIEW, only selected
slides are shown. To download the complete
presentation, please visit:
http://www.oeconsulting.com.sg

3. © Operational Excellence Consulting. All rights reserved. 3
Contents
2
3
4
ISO 22301 Structure
ISO 22301 Certification Process
Handling an Audit Session
1 Introduction to ISO 22301

4. © Operational Excellence Consulting. All rights reserved. 4
Introduction to ISO 22301, Security and resilience
– Business continuity management systems
• Floods, virus infection, cyber-attacks, IT breakdowns or
supply chain issues are just some of the possible threats
to the smooth running of an organization
• If not addressed effectively, they can cause disruption or
even business failure
• Consistent planning for what to do when disaster strikes
means a more effective response and a quicker recovery
• ISO 22301 is an International Standard for implementing
and maintaining effective business continuity plans,
systems and processes

5. © Operational Excellence Consulting. All rights reserved. 5
What is ISO 22301:2019?
• ISO 22301:2019 identifies the
fundamentals of best practice
business continuity
• It establishes a framework for
industrial plants or entire
companies to manage all
aspects of business continuity
• Applies to any organization,
large or small, with or
nonprofit, private or public

6. © Operational Excellence Consulting. All rights reserved. 6
Objective of ISO 22301:2019
• ISO 22301:2019 specifies
requirements to implement,
maintain and improve a
management system to
protect against, reduce the
likelihood of the occurrence
of, prepare for, respond to
and recover from disruptions
when they arise

7. © Operational Excellence Consulting. All rights reserved. 7
What improvements were made to ISO
22301:2019?
The structure of the standard has been reviewed
to make it easier to read and implement, with
greater clarification of what is required
The language and terminology have been
simplified to remove duplication and better reflect
today’s thinking in the business continuity industry
The High Level Structure (HLS) has been
streamlined to remain in line with all other ISO
management system standards.

8. © Operational Excellence Consulting. All rights reserved. 8
Benefits to an Organization for Implementing a
Business Continuity Management System
• Help organizations respond to, and recover from, disruptions
effectively
• Reduced costs and less impact on business performance should
something go wrong
• Companies with multiple sites or divisions can rely on the same
consistent approach throughout the entire organization
• Provides ability to reassure clients, suppliers, regulators and other
stakeholders that the organization has sound systems and
processes in place for business continuity
• Improved business performance and organizational resilience
• A better understanding of the business through analysis of critical
issues and areas of vulnerability

9. © Operational Excellence Consulting. All rights reserved. 9
Overview of Annex L
• Annex L is a framework for a generic management
system. However, it requires the addition of discipline-
specific requirements to make a fully functional standard.
Annex L
High-level
structure
Identical
core text
Common
definition

10. © Operational Excellence Consulting. All rights reserved. 10
The ISO 22301:2019 Structure is Aligned to the Common
Structure for Management System Standards (MSS)
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

11. © Operational Excellence Consulting. All rights reserved. 11© Operational Excellence Consulting. All rights reserved. 11
Plan-Do-Check-Act (PDCA) Process Model
Implement and operate
the processes of the
BCMS
Establish objectives and
processes necessary to
deliver results in
accordance with
requirements and the
organization’s BCM policy
Monitor and review the
processes with regard to
the BCMS policy and
objectives and report the
results
Maintain and
continually improve the
effectiveness of the
organization’s BCMS
Plan
Do
Act
Check

12. © Operational Excellence Consulting. All rights reserved. 12
In accordance with the PDCA cycle, Clauses 4 to 10 cover
the following components
Clauses Description
4. Context of the organization
Introduces the requirements necessary to establish the context of
the BCMS applicable to the organization, as well as needs,
requirements and scope
5. Leadership
Summarizes the requirements specific to top management’s role in
the BCMS, and how leadership articulates its expectations to the
organization via a policy statement
6. Planning
Describes the requirements for establishing strategic objectives
and guiding principles for the BCMS as a whole.
7. Support
Supports BCMS operations related to establishing competence
and communication on a recurring/as-needed basis with interested
parties, while documenting, controlling, maintaining and retaining
required documented information.

13. © Operational Excellence Consulting. All rights reserved. 13
ISO 22301:2019 Clause Structure (4-10)
PLAN DO CHECK ACT
4. Context of the
organization
5. Leadership 6. Planning 7. Support 8. Operation 9. Performance
evaluation
10. Improvement
4.1 Understanding the
organization and its
context
5.1 Leadership and
commitment
6.1 Actions to address
risks and
opportunities
7.1 Resources 8.1 Operational
planning and control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1 Nonconformity
and corrective action
4.2 Understanding the
needs and
expectations of
interested parties
5.2 Policy 6.2 Business
continuity objectives
and plans to achieve
them
7.2 Competence 8.2 Business impact
analysis and risk
assessment
9.2 Internal audit 10.2 Continual
improvement
4.3 Determining the
scope of the BCMS
5.3 Roles,
responsibilities and
authorities
6.3 Planning changes
to the BCMS
7.3 Awareness 8.3 Business
continuity strategies
and solutions
9.3 Management
review
4.4 Business
continuity
management system
7.4 Communication 8.4 Business
continuity plans and
procedures
7.5 Documented
information
8.5 Exercise
programme
8.6 Evaluation of
business continuity
documentation and
capabilities

14. © Operational Excellence Consulting. All rights reserved. 14
Becoming ISO 22301:2019 Certified
• The certification body
examines the BCMS for
conformity to the ISO
22301:2019 standard
• The ISO 22301:2019 audit is
a compliance audit
• Certification means the
organization has a
documented BCMS that is
fully implemented and meets
ISO 22301:2019 requirements

15. © Operational Excellence Consulting. All rights reserved. 15
2022
2021 Full conformance
with new
standard
Recertification
audits to new
standard
2020-
2022
2019
Transition to full
compliance
Published ISO
22301:2019
ISO 22301:2019 Certification
Transition Timeline
Recertification
audits to new
standard
2020
Organizations certified to the
2012 version must transition
to the 2019 version by
October 31, 2022
Organizations can be certified
against 2019 revision
beginning April 30, 2020

16. © Operational Excellence Consulting. All rights reserved. 16
ISO 22301:2019 Certification Process
Implementation
of BCMS
Conduct Internal
Audit and Review
Result by Top
Management
Selection of a
Certification Body
Stage 1 AuditStage 2 Audit
Confirmation of
Registration
Continual
Improvement and
Surveillance
Audits

17. © Operational Excellence Consulting. All rights reserved. 17
Audit Findings
Minor Non-conformity
Observation
Major Non-conformity

18. © Operational Excellence Consulting. All rights reserved. 18
How to Handle the Audit Session?
• Do not panic
• Ask and clarify
• Admit obvious non-conformities
• Offer evidence and explain patiently
• Take note of improvement areas highlighted by the
auditor
• Show internal audit report, when necessary

19. © Operational Excellence Consulting. All rights reserved. 19
Auditee’s Conduct
• Polite
• Professional
• Positive / Receptive
• Sincere
• Commitment
• Formal but not overly
serious

20. © Operational Excellence Consulting. All rights reserved. 20
Interacting with Auditors
• Be honest and open
• Recognize they may be experts
• Realize they may not be subject
matter experts
• Understand the purpose of the
meeting and review related records
prior to interviews
• Turn mobile phones to silent mode

21. © Operational Excellence Consulting. All rights reserved. 21
Interacting with Auditors
• Assume auditors are familiar with
your organization’s BCMS
• Challenge auditors
• Show more competence in ISO
22301:2019
• Argue internally
• Express unfairness
• Ask for solution
• Fix non-conformities on the spot

22. © Operational Excellence Consulting. All rights reserved.
END OF PARTIAL PREVIEW
To download this presentation,
please visit:
www.oeconsulting.com.sg