Management review

However, what is the purpose of conducting a management review and internal audit as part of the initial project when in theory there is nothing yet to review or audit?

Answer: A BCMS project implementation involves running at least one complete cycle of the management system, which includes the internal audit and management review activities. Without these activities the project cannot ensure the BCMS is properly implemented, operated and improved.

Regarding issues to be audited, these are some examples:
- Results of Business Continuity Plans tests
- Records of operation of implemented controls
- Level of awareness and competency of personnel

As for inputs for management review, besides the results of internal audits, other example is the feedback of interested parties.

These article will provide you further explanation about ISO 22301:
- What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/