Full Access PECB ISO-22301-Lead-Auditor Tutorials

The PDCA paradigm cycle is widely recognized as a process-centric approach. The PDCA cycle, also known as the Deming cycle or the Shewhart cycle, is a four-step model for carrying out change and improvement in a systematic and consistent way. The PDCA cycle consists of the following phases: Plan, Do, Check, and Act. The Plan phase involves identifying the problem, setting the objectives, and developing the plan for improvement. The Do phase involves implementing the plan and carrying out the actions. The Check phase involves monitoring and measuring the results and comparing them with the objectives. The Act phase involves taking corrective actions, standardizing the improvement, and reviewing the process. The PDCA cycle is a process-centric approach because it focuses on the processes and their interactions that deliver the desired outcomes and performance. The PDCA cycle helps to ensure that the processes are planned, executed, evaluated, and improved in a continuous and consistent manner. The PDCA cycle is also aligned with the process approach principle of ISO 22301, the international standard for business continuity management systems. ISO 22301 requires the organization to apply the PDCA cycle to its business continuity management system, as well as to its individual processes and activities. The PDCA cycle helps the organization to establish, implement, operate, monitor, review, maintain, and continually improve its business continuity management system and its ability to respond to and recover from disruptive incidents. References:

• ISO 22301 Auditing eBook, Chapter 1: Introduction to Business Continuity Management Systems, Section 1.3: PDCA Cycle1
• ISO 22301:2019 - Security and resilience — Business continuity management systems — Requirements, Clause 0.3: The Plan-Do-Check-Act cycle2
• What is the Plan-Do-Check-Act (PDCA) Cycle?3

 Policy documents are developed in accordance to the framework of objectives, which are derived from the organization’s strategic direction, context, and interested parties’ needs and expectations. Policy documents provide guidance and direction for the organization’s business continuity management system (BCMS) and set the overall tone and commitment of top management. Policy documents also define the scope and boundaries of the BCMS and the roles and responsibilities of the relevant parties. References: ISO 22301 Auditing eBook, page 28; ISO 22301:2019 standard, clause 5.2

According to ISO 22301 Auditing eBook, Chapter 3.2.1, people-oriented objectives are the objectives that are related to shaping the attitudes, behaviours, and skills of individuals within the organization. These objectives aim to enhance the awareness, competence, and commitment of the personnel involved in the business continuity management system (BCMS). Some examples of people-oriented objectives are:

• To increase the level of business continuity awareness among all employees by conducting regular training and awareness sessions.
• To ensure that all business continuity roles and responsibilities are clearly defined and communicated to the relevant personnel.
• To develop and maintain the necessary skills and knowledge for performing business continuity tasks and activities.
• To foster a culture of business continuity within the organization that encourages participation, collaboration, and continuous improvement.

People-oriented objectives are important for ensuring that the organization has the human resources required for implementing and maintaining the BCMS, and for achieving the desired business continuity performance and results. References: ISO 22301 Auditing eBook, Chapter 3.2.1.