Training Module
Auditing BCM Operational Readiness & Exercises
Audit BCM readiness, exercise quality, and dependency preparedness under ISO 22301
Training Module
Auditing BCM Operational Readiness & Exercises
Audit BCM readiness, exercise quality, and dependency preparedness under ISO 22301
Training Module
Auditing BCM Operational Readiness & Exercises
Audit BCM readiness, exercise quality, and dependency preparedness under ISO 22301

Move from “documented plans” to evidence of workable continuity capability
Continuity documentation can look complete while capability is fragile in practice. This module helps auditors test readiness and exercising as an operational system, including the weak points that sit outside the organisation, such as suppliers and shared dependencies.

Move from “documented plans” to evidence of workable continuity capability
Continuity documentation can look complete while capability is fragile in practice. This module helps auditors test readiness and exercising as an operational system, including the weak points that sit outside the organisation, such as suppliers and shared dependencies.

Move from “documented plans” to evidence of workable continuity capability
Continuity documentation can look complete while capability is fragile in practice. This module helps auditors test readiness and exercising as an operational system, including the weak points that sit outside the organisation, such as suppliers and shared dependencies.
Training module overview
Training module overview
Training module overview
Audits of business continuity management (BCM) often over-index on plan completeness and under-test whether the organisation can actually respond and sustain critical activities. Exercises are frequently run as “event theatre”: they happen, minutes are written, but learning is shallow, follow-up is weak, and the same gaps recur.
This audit add-on focuses on how to assess operational readiness and exercises under ISO 22301 without re-teaching BCM design methods or generic audit craft. Participants learn evidence strategies and judgement cues to distinguish plans from capability, evaluate exercise quality and learning loops, and test supplier and dependency readiness where continuity often fails.
Audits of business continuity management (BCM) often over-index on plan completeness and under-test whether the organisation can actually respond and sustain critical activities. Exercises are frequently run as “event theatre”: they happen, minutes are written, but learning is shallow, follow-up is weak, and the same gaps recur.
This audit add-on focuses on how to assess operational readiness and exercises under ISO 22301 without re-teaching BCM design methods or generic audit craft. Participants learn evidence strategies and judgement cues to distinguish plans from capability, evaluate exercise quality and learning loops, and test supplier and dependency readiness where continuity often fails.
Applicable environments
This module focuses on auditing clauses and controls that are specific to ISO 22301. It is intended for auditors working with organisations operating an business continuity management system (BCMS) according to this standard.
Target audience
Target audience
Target audience
Aspiring auditors who want to audit business continuity management systems against ISO 22301 following best practices
Practising ISO 22301 auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Aspiring auditors who want to audit business continuity management systems against ISO 22301 following best practices
Practising ISO 22301 auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Decision support
Is this module for you?
It is a good fit if you…
seek to audit whether BCM plans translate into real operational readiness.
are aiming to judge exercise quality beyond execution and documentation.
focus on evidence for capability, not plan completeness or formality.
are prepared to test dependency readiness, including suppliers and shared services.
expect to strengthen audit conclusions on BCM readiness and learning.
seek to audit whether BCM plans translate into real operational readiness.
are aiming to judge exercise quality beyond execution and documentation.
focus on evidence for capability, not plan completeness or formality.
are prepared to test dependency readiness, including suppliers and shared services.
expect to strengthen audit conclusions on BCM readiness and learning.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
prefer to design BCM strategies, plans, or exercise scenarios.
are looking for guidance on running or facilitating exercises.
focus primarily on improving response performance or resilience design.
do not intend to audit BCM readiness under ISO 22301.
prefer to design BCM strategies, plans, or exercise scenarios.
are looking for guidance on running or facilitating exercises.
focus primarily on improving response performance or resilience design.
do not intend to audit BCM readiness under ISO 22301.
Agenda
Agenda
Agenda
Audit focus: readiness and exercises as capability
Operational readiness: evidence trails that matter
Exercising: from “did we run it?” to “did we learn?”
Sampling readiness and exercises across the organisation
Supplier and dependency readiness
Typical findings and systemic issues in ISO 22301 readiness/exercising
Case-based audit simulation
Show detailed agenda...
Audit focus: readiness and exercises as capability
Operational readiness: evidence trails that matter
Exercising: from “did we run it?” to “did we learn?”
Sampling readiness and exercises across the organisation
Supplier and dependency readiness
Typical findings and systemic issues in ISO 22301 readiness/exercising
Case-based audit simulation
Show detailed agenda...
Audit focus: readiness and exercises as capability
Operational readiness: evidence trails that matter
Exercising: from “did we run it?” to “did we learn?”
Sampling readiness and exercises across the organisation
Supplier and dependency readiness
Typical findings and systemic issues in ISO 22301 readiness/exercising
Case-based audit simulation
Show detailed agenda...
Learning outcomes
Learning outcomes
Learning outcomes
Key outcomes
Distinguish plan completeness from operational capability using clear audit judgement criteria
Build evidence trails that test readiness in practice
Evaluate exercise quality beyond “exercise performed,” focusing on realism, decision-making, and learning value
Distinguish plan completeness from operational capability using clear audit judgement criteria
Build evidence trails that test readiness in practice
Evaluate exercise quality beyond “exercise performed,” focusing on realism, decision-making, and learning value
Additional capabilities
Judge whether exercise outputs translate into controlled improvement
Identify and test continuity-critical supplier and dependency assumptions with targeted sampling
Recognise common “false assurance” patterns and formulate defensible audit conclusions for internal and third-party contexts
Judge whether exercise outputs translate into controlled improvement
Identify and test continuity-critical supplier and dependency assumptions with targeted sampling
Recognise common “false assurance” patterns and formulate defensible audit conclusions for internal and third-party contexts
Additional benefits
Additional benefits
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Readiness audit trail map (capability-focused evidence checklist)
Exercise quality review checklist (design → conduct → learning → follow-up)
Dependency and supplier readiness sampling grid
Red-flag library for “paper readiness” and “exercise theatre”
Topic-specific interview prompts for readiness and exercising (questions, not interviewing technique)
Readiness audit trail map (capability-focused evidence checklist)
Exercise quality review checklist (design → conduct → learning → follow-up)
Dependency and supplier readiness sampling grid
Red-flag library for “paper readiness” and “exercise theatre”
Topic-specific interview prompts for readiness and exercising (questions, not interviewing technique)
Confirmation
Certificate of completion
Module ID
HAM-BC-A-02
Domain
Audience
Auditor
Language
English
Delivery
Live virtual
Duration
3 h
List price
CHF 250
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Delivery & learning format
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
Not sure if this module is right for you?
Not sure if this module is right for you?
Not sure if this module is right for you?
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes participants can already apply generic audit craft (evidence logic, sampling, professional judgement, interviewing, and reporting). It also assumes baseline familiarity with BCM concepts and typical continuity artefacts (e.g., plans, roles, exercise records), without requiring participants to be BCM implementers.
Helpful background includes:
Practical experience auditing operational capability (not only documented information)
Familiarity with outsourced activities and service dependencies as audit scope
This module assumes participants can already apply generic audit craft (evidence logic, sampling, professional judgement, interviewing, and reporting). It also assumes baseline familiarity with BCM concepts and typical continuity artefacts (e.g., plans, roles, exercise records), without requiring participants to be BCM implementers.
Helpful background includes:
Practical experience auditing operational capability (not only documented information)
Familiarity with outsourced activities and service dependencies as audit scope
Preparatory modules
Foundational modules (depending on background)
Useful if you are new to the underlying concepts or want a shared baseline before attending this module.
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Business Continuity Strategies & Solutions
Understand continuity strategy options, solution design components, and decision criteria aligned to ISO 22301 time-based requirements
7 h
Business Continuity Strategies & Solutions
Understand continuity strategy options, solution design components, and decision criteria aligned to ISO 22301 time-based requirements
7 h
Business Continuity Strategies & Solutions
Understand continuity strategy options, solution design components, and decision criteria aligned to ISO 22301 time-based requirements
7 h
Supporting modules (optional)
Helpful if you want to deepen related skills, but not required to participate effectively.
Business Impact Analysis (BIA) & Critical Activities
Understand ISO 22301-aligned business impact analysis, critical activity identification, and time-based recovery requirements
7 h
Business Impact Analysis (BIA) & Critical Activities
Understand ISO 22301-aligned business impact analysis, critical activity identification, and time-based recovery requirements
7 h
Business Impact Analysis (BIA) & Critical Activities
Understand ISO 22301-aligned business impact analysis, critical activity identification, and time-based recovery requirements
7 h
Business Continuity Plans, Response & Exercising
Understand continuity plan structure, response roles and communications, and exercising approaches aligned to continuity requirements
7 h
Business Continuity Plans, Response & Exercising
Understand continuity plan structure, response roles and communications, and exercising approaches aligned to continuity requirements
7 h
Business Continuity Plans, Response & Exercising
Understand continuity plan structure, response roles and communications, and exercising approaches aligned to continuity requirements
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen your competence. If you are looking for a structured learning path, modules can also be taken as part of a professional track.

Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.

Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.

Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
