An organization has implemented controls to prevent the unauthorized disclosure of documented information required by the BCMS. Is this in compliance with ISO 22301?
An organization is trying to establish maturity targets for its existing processes. It is concluded that while some processes are implemented case by case, there is no standardized method for executing them. What maturity level does this indicate?
Scenario:
Headquartered in Sri Lanka, Operons Inc. is a freight forwarding company that adopted a BCMS aligned with ISO 22301. Prior to the certification audit, Operons Inc. measured gaps between their BCMS and the standard's requirements to ensure compliance. The certification body was contracted to conduct the audit, and a biased auditor from a previous ISO 9001 audit was replaced upon request. During the audit, two minor nonconformities were identified, and the audit team issued a recommendation for certification.
Based on Scenario 8, considering that these are only minor nonconformities and the top management was quick to acknowledge the oversight, the audit team issued a recommendation for certification. Is this acceptable?
Why is it important for organizations operating in multiple locations to be aware of compliance requirements?
TESTED 22 Jan 2025
