Background to ISO 22301
ISO 22301 is a business continuity management system (BCMS) standard that provides an effective means of assuring yourselves and stakeholders of your commitment to business continuity and that you have adopted best practice.
When implementing a BCMS, an essential ingredient is that you are following a process of continual improvement. A key activity within this process is performance evaluation, i.e. is your BCMS operating as you intended and as is required? Auditing and review is one of your performance evaluation mechanisms. The auditing process is an ongoing activity, irrespective of whether your organisation is certified or not.
Challenges Associated with ISO 22301 Auditing
The biggest challenge faced by organisations when it comes to the auditing process is resourcing: ensuring you have sufficient and suitable resources to manage the audit programme and conduct the audits. Auditors need to have the skills and knowledge sufficient to conduct effective audits. This means that they need to be able to audit specific business continuity processes, e.g. business impact analysis, plans, or exercising, and may need to visit geographically diverse locations in order to put documents in the necessary context. Auditors therefore need not only to be available to travel, but also to be able to demonstrate a level of independence from the area being audited. The people most likely to have sufficient knowledge of business continuity, and who would therefore be the most appropriate auditors (assuming they also have audit skills), often have a conflict of interest and may not be able to conduct the audit. There is also the additional burden of conducting audits of third parties who form part of the supply chain.
Our ISO 22301 Auditing Services
Having been involved in numerous BC projects and conducted numerous BC audits both internally and of third parties, we are ideally placed to assist organisations with their auditing activities. We can support the development of an internal audit programme and/or provide access to one of our audit specialists to conduct the audits. Where we conduct the audit, if desired, we will encourage your staff to shadow our auditor as part of our knowledge transfer philosophy.
Naturally, the audits will be bespoke to your organisation and can include the operation of the management system (e.g. document management procedures and corrective actions process) or the business continuity processes (e.g. business impact analysis, plan maintenance or plan exercising).
Our BCMS audit services can also extend to auditing third parties on your behalf, e.g. verifying business continuity capability, plans and competencies.
We manage the full ISO 22301 internal audit process for a number of clients and would welcome the opportunity to discuss your requirements with you.