PECB Updated ISO-22301-Lead-Auditor Exam Questions and Answers by fearne

When designing questionnaires for the BIA, the following factors should be considered1:

• Concise information: The questionnaires should provide clear and concise information about the purpose, scope, and objectives of the BIA, as well as the instructions on how to complete them. The questionnaires should also avoid unnecessary or redundant questions that could confuse or frustrate the respondents.
• Layout: The questionnaires should have a logical and consistent layout that facilitates the readability and comprehension of the questions. The questionnaires should use appropriate fonts, colors, spacing, and numbering to highlight the key points and sections. The questionnaires should also use tables, charts, or graphs to present the data or information in a structured and visual way.
• Types of question: The questionnaires should use different types of questions to elicit the required information from the respondents. The questionnaires should use open-ended questions to allow the respondents to provide their own opinions or explanations, closed-ended questions to obtain specific or quantitative data, and rating or ranking questions to measure the relative importance or priority of the factors or criteria.
• Level of detail: The questionnaires should provide the appropriate level of detail for the BIA. The questionnaires should not be too general or vague, as this could lead to inaccurate or incomplete results. The questionnaires should not be too specific or technical, as this could overwhelm or intimidate the respondents. The questionnaires should balance the depth and breadth of the information needed for the BIA.

References: 1: ISO 22301 Auditing eBook, Chapter 5: Business Impact Analysis and Risk Assessment, Section 5.2: Business Impact Analysis, Subsection 5.2.3: Data Collection Methods, Page 69.

The PDCA paradigm cycle is widely recognized as a process-centric approach. The PDCA cycle, also known as the Deming cycle or the Shewhart cycle, is a four-step model for carrying out change and improvement in a systematic and consistent way. The PDCA cycle consists of the following phases: Plan, Do, Check, and Act. The Plan phase involves identifying the problem, setting the objectives, and developing the plan for improvement. The Do phase involves implementing the plan and carrying out the actions. The Check phase involves monitoring and measuring the results and comparing them with the objectives. The Act phase involves taking corrective actions, standardizing the improvement, and reviewing the process. The PDCA cycle is a process-centric approach because it focuses on the processes and their interactions that deliver the desired outcomes and performance. The PDCA cycle helps to ensure that the processes are planned, executed, evaluated, and improved in a continuous and consistent manner. The PDCA cycle is also aligned with the process approach principle of ISO 22301, the international standard for business continuity management systems. ISO 22301 requires the organization to apply the PDCA cycle to its business continuity management system, as well as to its individual processes and activities. The PDCA cycle helps the organization to establish, implement, operate, monitor, review, maintain, and continually improve its business continuity management system and its ability to respond to and recover from disruptive incidents. References:

• ISO 22301 Auditing eBook, Chapter 1: Introduction to Business Continuity Management Systems, Section 1.3: PDCA Cycle1
• ISO 22301:2019 - Security and resilience — Business continuity management systems — Requirements, Clause 0.3: The Plan-Do-Check-Act cycle2
• What is the Plan-Do-Check-Act (PDCA) Cycle?3

The Do step in the PDCA cycle is the stage where the plan is implemented and executed. It involves carrying out the activities and processes that are defined in the BCMS. It is also the step where communication with key stakeholders is maintained. Communication is a vital element of the BCMS, as it ensures that all relevant parties are informed and involved in the business continuity process. ISO 22301 requires organizations to establish communication procedures that enable timely and effective communication during a disruption. These procedures should include clear communication channels, escalation processes, and guidelines for communication with stakeholders such as customers, suppliers, and regulatory bodies1. Communication and training are also important aspects of the Do step, as they ensure that all stakeholders are involved and aware of the PDCA cycle and their role in it. Provide training and support to help employees understand the process and how they can contribute to it2. The Do step also involves testing and exercising the BCMS to verify its effectiveness and identify areas for improvement. Testing and exercising are essential for validating the assumptions, plans, and procedures of the BCMS and ensuring that they are fit for purpose. They also help to raise awareness and confidence among the staff and stakeholders and demonstrate the organization’s commitment to business continuity3. References: : ISO 22301 Clause 7.4 Communication : The Plan-Do-Check-Act (PDCA) Cycle: A Guide to Continuous Improvement : ISO 22301 Business Continuity Management Made Easy