Auditing ISO 22301 BCMS Standard - Part III
Master the principles, processes, and practices of effective management systems auditing
Activity 01
BCMS Audit Schedule / Plan
To develop a detailed BCMS internal audit schedule for SecureBank Ltd., defining audit scope, objectives, criteria, audit team, time plan, and process coverage across DC, DR site, branches, ATMs, and POS operations.
Audit Scope
Coverage across DC, DR site, branches, ATMs, and POS operations
Objectives & Criteria
Define clear audit objectives aligned with ISO 22301:2019 standards
Team & Timeline
Assign audit team members and establish detailed time plan
Activity 02
BCMS Audit Requirements
To identify and list the specific BCMS audit requirements applicable to the IT and operational functions, aligning them with ISO 22301:2019 clauses, organizational controls, and evidence to be verified.
1. ISO 22301:2019 Clauses
   Identify applicable standard clauses for IT and operational functions
2. Organizational Controls
   Map internal controls to compliance requirements
3. Evidence Verification
   Define documentation and records to be verified during audit

Key Focus: Aligning audit requirements with ISO 22301:2019 clauses ensures comprehensive coverage of business continuity management system standards across all SecureBank operations.
Activity 03
Opening Meeting
To prepare and deliver a formal opening meeting speech outlining audit purpose, scope, criteria, methodology, confidentiality, and engagement expectations before commencing the audit.
Meeting Agenda
  • Audit purpose and objectives
  • Scope and criteria definition
  • Methodology overview
  • Confidentiality commitments
  • Engagement expectations
  • Q&A session
The opening meeting sets the tone for the entire audit process, establishing clear communication channels and mutual understanding between the audit team and SecureBank management.
Activity 04
Audit Checklist
To design a BCMS audit checklist for SecureBank's IT and continuity processes, including relevant ISO 22301 clauses, audit questions, and evidence requirements for evaluating conformance.
01. ISO 22301 Clauses
    Reference applicable standard clauses
02. Audit Questions
    Develop targeted questions for each process area
03. Evidence Requirements
    Define documentation needed to verify conformance
04. Conformance Evaluation
    Establish criteria for assessing compliance levels
Activity 05
Closing Meeting
To conduct a closing meeting summarizing audit findings, non-conformities, and positive observations, while thanking management and communicating the next steps for corrective actions.
Audit Findings Summary
Non-Conformities Identified
Positive Observations
Next Steps & Corrective Actions
Activity 06
Audit Report
To prepare the comprehensive BCMS audit report documenting audit scope, criteria, results, and findings, including major/minor non-conformities, observations, and overall performance summary.
1. Audit Scope & Criteria
   Document the boundaries and standards applied during the audit
2. Results & Findings
   Detail all audit observations and evidence collected
3. Non-Conformities
   Classify and describe major and minor non-conformities identified
4. Performance Summary
   Provide overall assessment of BCMS effectiveness
Activity 07
Corrective Action Plan (CAP)
To develop a Corrective Action Plan for addressing the identified non-conformities and observations, defining root causes, corrective measures, responsibilities, and target completion dates.
CAP
Structured approach to resolving audit findings
1. Root Causes
2. Corrective Measures
3. Responsibilities
4. Target Dates

The Corrective Action Plan ensures systematic resolution of all identified non-conformities and observations, with clear accountability and timelines for implementation.
Instructions for sharing BCMS activity sheets
Follow these guidelines to ensure proper submission of your completed BCMS activity files (01–07).
01. Save Your Files Correctly
Use the specified naming convention:
<ActivityNo>_<ActivityTitle>_SecureBank_<YourFullName>_<DateYYYYMMDD>.
  • Example: ACT04_Audit-Checklist_SecureBank_Anita-Patel_20251101.docx
  • Use .docx for Activities 01–05, .xlsx for 06 & 07.
  • Optional: Create a single ZIP file for all activities: BCMS_Activities01-07_SecureBank_Anita-Patel_20251101.zip
02. Share activity sheets via email
Notify your coordinator via email with the specified subject and body.
Subject: BCMS Activities 01–07 – SecureBank – <Company Short Name> <Your Full Name> – Uploaded on <Date>
Body:
Hello <Coordinator Name>,

I’ve uploaded my BCMS Activities 01–07 for the SecureBank case study at the provided link.

Submission details:
• Candidate: <Your Full Name>
• Email: <Your Email>
• Files: 7 individual files (.docx for ACT 01–05, .xlsx for ACT 06–07) OR 1 ZIP (BCMS_Activities01-07_SecureBank_<YourName>_<Date>.zip)
• Date/Time of Upload: <Date, Local Time>

Kindly confirm receipt and let me know if anything else is required.

Regards,
<Your Full Name>
Email to: sandhya.nair@nuk9.in; deepesh@nuk9.in

Quick Checklist
1. All seven activities completed (01–05 in Word, 06 & 07 in Excel)
2. Correct file names with your full name and date
3. Optional ZIP created and correctly named
4. Confirmation email sent with details

By clicking the submit button, I confirm that I have read, understood, and will follow the information security and privacy responsibilities outlined in this guide, and will promptly report any security concerns.
NUK 9 Information Security Auditors LLP [NUK 9 Auditors]
E702, Arjun, NL Complex, Anand Nagar, Dahisar East
Mumbai, Maharashtra - 400068. India
This material, including all content, graphics, systems, and tools referenced or used herein, is the intellectual property of NUK 9 Auditors. Unauthorized copying, distribution, modification, or use of this material or related systems is strictly prohibited and may result in disciplinary or legal action.
Use of content is permitted only for the internal team, its contracted services, and authorized purposes in accordance with company policies.