The Check step in the PDCA cycle is the stage where the results are analyzed. It involves monitoring and evaluating the actions taken in the Do step. It is used to determine the effectiveness of the plan and to avoid recurring mistakes. The Check step identifies and assesses issues in the management process, such as gaps, nonconformities, risks, and opportunities. The Check step also involves collecting and analyzing data and information related to the performance and effectiveness of the BCMS. This can be done through various methods, such as audits, reviews, tests, exercises, surveys, and feedback. The Check step provides valuable input for the Act step, where corrective and preventive actions are taken to address the issues and improve the BCMS.
References:
ISO 22301 Auditing eBook, page 11
ISO 22301:2019, clause 9.1
The Plan-Do-Check-Act (PDCA) Cycle: A Guide to Continuous Improvement
Plan-Do-Check-Act Cycle - BCMpedia
Question 5
Which of the following documents is owned by executive management and sets the purpose of BCM in an organisation?
The document that is owned by executive management and sets the purpose of BCM in an organization is the Business Continuity Policy. The Business Continuity Policy is a high-level document that defines the scope, objectives, principles, and roles and responsibilities for business continuity management within the organization. It also demonstrates the commitment of top management to support and continually improve the BCMS. The Business Continuity Policy is one of the mandatory documents required by ISO 22301, the international standard for BCMS [1][2].
The other options are not correct because they are not documents that are owned by executive management and set the purpose of BCM in an organization. A Business Process Policy is a document that describes the procedures and rules for performing a specific business process, such as procurement, sales, or accounting. A Register is a document that records and tracks the status of certain items, such as risks, incidents, or assets. A Worksheet is a document that contains data and calculations, such as a spreadsheet or a form.
References:
[1] ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, clause 5.3
[2] ISO 22301 Auditing eBook, Chapter 2.2.2
Question 6
Non-compliance can often lead to undesirable outcomes.
Non-compliance can often lead to undesirable outcomes. Non-compliance means the failure or refusal to comply with the requirements and expectations of a standard, regulation, contract, policy, or other obligation. Non-compliance can have negative consequences for an organization, such as:
Legal penalties: Non-compliance can result in fines, sanctions, lawsuits, or criminal charges from the authorities or other parties that have the power to enforce the compliance. For example, non-compliance with data protection laws can lead to hefty fines and reputational damage for the organization.
Loss of trust: Non-compliance can erode the confidence and trust of the stakeholders, such as customers, suppliers, employees, investors, regulators, etc. This can affect the organization’s reputation, credibility, and competitiveness in the market. For example, non-compliance with quality standards can lead to customer dissatisfaction and defection.
Loss of business: Non-compliance can cause the organization to lose business opportunities, contracts, or partnerships with other organizations that require or expect compliance. For example, non-compliance with environmental standards can prevent the organization from entering certain markets or sectors that have strict sustainability criteria.
Loss of continuity: Non-compliance can expose the organization to increased risks and vulnerabilities that can disrupt its operations and performance. For example, non-compliance with business continuity standards can impair the organization’s ability to respond to and recover from disruptive incidents, such as natural disasters, cyberattacks, supply chain failures, etc.
Therefore, non-compliance can often lead to undesirable outcomes that can harm the organization’s interests, objectives, and values. To avoid these outcomes, the organization should establish, implement, and maintain a compliance management system that ensures the organization’s adherence to the relevant standards, regulations, contracts, policies, and other obligations. The compliance management system should also include mechanisms for monitoring, measuring, reviewing, and improving the organization’s compliance performance and effectiveness.
References:
ISO 19600:2014 - Compliance management systems — Guidelines
ISO 22301:2019 - Security and resilience — Business continuity management systems — Requirements, Clause 9.1: Monitoring, measurement, analysis and evaluation
Question 7
Which step in PDCA Cycle maintains communication with key stakeholders?
The Do step in the PDCA cycle is the stage where the plan is implemented and executed. It involves carrying out the activities and processes that are defined in the BCMS. It is also the step where communication with key stakeholders is maintained. Communication is a vital element of the BCMS, as it ensures that all relevant parties are informed and involved in the business continuity process. ISO 22301 requires organizations to establish communication procedures that enable timely and effective communication during a disruption. These procedures should include clear communication channels, escalation processes, and guidelines for communication with stakeholders such as customers, suppliers, and regulatory bodies [1]. Communication and training are also important aspects of the Do step, as they ensure that all stakeholders are involved and aware of the PDCA cycle and their role in it. Training and support should be provided to help employees understand the process and how they can contribute to it [2]. The Do step also involves testing and exercising the BCMS to verify its effectiveness and identify areas for improvement. Testing and exercising are essential for validating the assumptions, plans, and procedures of the BCMS and ensuring that they are fit for purpose. They also help to raise awareness and confidence among the staff and stakeholders and demonstrate the organization’s commitment to business continuity [3].
References:
[1] ISO 22301, Clause 7.4 Communication
[2] The Plan-Do-Check-Act (PDCA) Cycle: A Guide to Continuous Improvement
[3] ISO 22301 Business Continuity Management Made Easy