Auditing a Business Continuity Program: ISO 22301
Note: You will have the option to add the relevant certification application fee to this price at the point of registration.
Web Based, Eastern Time
4 Days (4 full days of instruction 8:30 a.m. – 5:00 p.m.; Examination online at your leisure)
Examination: DRI Audit Examination - ISO 22301 (2.5 hours)
32 Continuing Education Activity Points (CEAPs) may be awarded towards recertification if applicable.
The cost of this course includes both the course and the exam.
A certificate of completion for the course will only be delivered once the exam is completed and payment has been received. Exam results will then be released.
Auditing business continuity management systems using a recognized international standard is the best method to identify opportunities to enhance and improve performance. Auditing supplier business continuity management systems is a requirement for some industries and for organizations that have certified, or are seeking certification of, their business continuity management systems and programs. Auditing is also a must for organizations seeking to identify the resiliency of critical suppliers, those with low tolerance for risk, and those seeking to enhance organizational resilience.
DRI’s ISO 22301 audit course is designed for business continuity professionals, risk managers, internal auditors, and consultants. The course provides the foundation for auditing — the collection of evidence using interviews, reviewing documents, and surveying properties, as well as the use of ISO 22301 as criteria to evaluate each aspect of a business continuity management system (BCMS).
The course begins with the basics of auditing using ISO standards and the Institute of Internal Auditor’s International (IIA) Professional Practices Framework. Students will learn how to develop an audit work plan beginning with assembling a team, research applicable requirements, request documents for review, and schedule site surveys and interviews.
An overview of ISO 22301 is followed by 10 lessons providing clause-by-clause explanations of the standard’s BCMS requirements, auditing techniques, and evidence of conformity. Each lesson includes interactive class activities and hands-on auditing of a hypothetical company using ISO 22301 as criteria. Students compile audit findings during each of these lessons.
The course wraps up with a hands-on lesson on report writing, including an extended class activity with students organizing findings from all lessons, prioritizing their recommendations, developing an auditor’s opinion on conformity of the case study BCMS to ISO 22301, and presenting their opinion and recommendations to the instructor.
Course materials include a comprehensive audit guide for student use when preparing for and conducting an audit. The audit guide identifies documents to review, people to interview, questions to ask, regulations, best practices, and more in-depth guidance. A practice exam that is the subject of the final class lesson is also provided to prepare students for the qualifying exam.
- Business continuity management system (BCMS) as defined by ISO 22301, 2019
- Context of the organization, leadership, risk assessment, business impact analysis, business continuity plans, competence, exercise program, - performance evaluation, and improvement
- Auditing fundamentals, including planning an audit, gathering evidence, determining findings, developing an auditor’s opinion of conformity, and compiling an audit report
"DRI courses are well-structured to provide the requisite information at a pace that is appropriate for the learner. The instructor was very knowledgeable and provided 'real world' examples to ensure best understanding." - CBCP, MBCP, CBCLA, & CRMP, USA
1. Understand the requirements for a business continuity management system (BCMS) as defined by ISO 22301.
2. Understand fundamental auditing requirements from ISO and IIA.
3. Define the role of an auditor to develop an audit plan.
4. Identify the tasks to conduct an audit including reviewing documents, interviewing, and surveying facilities.
5. Define reporting requirements including identifying findings, developing an auditor’s opinion on conformity to the audit standard, and preparing recommendation for continual improvement.
6. Take the DRI Audit Examination - ISO 22301
- Auditing basics
- Understanding ISO 22301
- Context of the organization
- Leadership, planning, support, and operation
- Risk assessment
- Business impact analysis (BIA)
- Continuity strategies and solutions
- Business continuity plans
- Education and training
- Exercise program
- Audit findings, recommendations, and auditor’s opinion
- Exam preparation
- DRI Audit Examination - ISO 22301
For in-person courses:
This course will be held in-person and the exam will be online, at leisure. A computer is required for this course in order for you to take the exam. The system requirements will be sent to you via email together with information about how to access the course materials prior to the start of the course.
For courses held online:
All online courses are held via Zoom and a computer is required for this course. The system requirements will be sent to you via email together with information about how to access the course materials prior to the start of the course. You will also be provided with instructions for how to take the exam online, at leisure following the course.
For international courses:
This course is being hosted by a DRI International partner. To register, you will be asked to provide your contact information and we will put you in touch with the local team for details.
For courses held pre-conference:
This course is being held in-person prior to the DRI Annual Conference at or near the conference venue. You can then attend the conference immediately following your course with an additional registration (separate fee applies).
Courses are scheduled subject to a minimum enrollment. If enrollment for a particular course does not meet the minimum, that class is cancelled or rescheduled. If DRI International must cancel a class for any reason, DRI's liability is limited to the paid registration fee. DRI makes every effort to notify registered participants as soon as possible if classes are cancelled.
Registration applies only to the individual named on the registration form. If you want to substitute another individual from the same company, you must contact the course registrar prior to the first day of the course. Rescheduling must occur within twelve months of the originally scheduled course and no more than three course transfers are permitted. Within twelve months, there is no charge for course transfers. If you exceed the allotted twelve months for rescheduling or limit of three course transfers, no refunds will be made.
The following refund policies apply:
- No refund will be issued if an individual cancels within 14 days of the first day of the course
- A 50% refund will be issued if an individual cancels within 15-29 days of the first day of the course
- A full refund will be issued if an individual cancels 30+ days before the first day of the course