With the help of the ISO22301 documentation set from Advisera, I am currently preparing an internal audit procedure for the business continuity management system. The checklist includes the following questions:
6.1 Has the organization identified the risks and opportunities relating to the effectiveness of the management system?
6.1 Does the organization plan to deal with the identified risks and opportunities?
6.2 Are the business continuity objectives measurable; are they monitored and updated?
6.2 Are there steps to achieve goals, responsible persons, deadlines, necessary resources?
In which documents from the ISO22301 package does the organization address these questions and meet the requirements of clause 6.1 and 6.2 of the standard?
Please note that ISO 22301 does not require clause 6.1 (Actions to address risks and opportunities) to be documented. Since they are related to the implementation of the BCMS, such actions are considered in the project plan, located in folder 01 Preparation for the Project.
Items related to clause 6.2 of ISO 22301 are covered in the template “Preparation Plan for Business Continuity”, located in folder 06 Business Continuity Strategy.