PECB ISO 22301 Lead Auditor ISO-22301-Lead-Auditor Exam Questions

Answer : A, B, C

According to the ISO 22301 Auditing eBook, there are three types of personal interview, which differ in terms of the structure, purpose and depth of information to be elicited. They are:

Fully structured interview: This type of interview follows a predefined set of questions that are asked in a fixed order. The interviewer does not deviate from the script and does not probe for additional information. The advantage of this type of interview is that it ensures consistency and comparability of data across different interviewees. The disadvantage is that it may not capture the nuances and complexities of the interviewee's responses, and may miss some important information that is not covered by the questions.

Semi-structured interview: This type of interview has a general outline of topics or questions to be covered, but the interviewer has the flexibility to ask follow-up questions, clarify ambiguities, and explore new areas of interest that emerge during the conversation. The advantage of this type of interview is that it allows for a deeper and richer understanding of the interviewee's perspectives, opinions, and experiences. The disadvantage is that it may introduce some variability and bias in the data collection and analysis, depending on the interviewer's skills and style.

Unstructured interview: This type of interview has no predetermined agenda or questions, and the interviewer relies on the natural flow of the conversation to guide the discussion. The interviewer may use some open-ended prompts or probes to elicit more information, but the interviewee has the freedom to express whatever they want. The advantage of this type of interview is that it can reveal unexpected and insightful information that may not be obtained through other methods. The disadvantage is that it may be difficult to manage, control, and summarize the data, and it may require more time and resources to conduct and analyze.

1of30

Answer : C

The check phase in the PDCA cycle is the phase where the organization monitors, measures, analyzes, and evaluates the performance and effectiveness of the BCMS against the business continuity policy, objectives, and requirements. The check phase involves conducting internal audits, management reviews, and performance evaluations to identify the strengths and weaknesses of the BCMS, as well as the opportunities for improvement. The check phase also involves collecting and analyzing feedback from interested parties, such as customers, suppliers, regulators, and employees, to ensure that the BCMS meets their needs and expectations. The check phase provides the basis for the act phase, where the organization takes corrective actions and preventive actions to address the nonconformities and risks identified in the check phase.Reference: ISO 22301:2019, Clause 9; ISO 22301 Auditing eBook, Chapter 5.1.

Answer : A

Policy documents are developed in accordance to the framework of objectives, which are derived from the organization's strategic direction, context, and interested parties' needs and expectations. Policy documents provide guidance and direction for the organization's business continuity management system (BCMS) and set the overall tone and commitment of top management. Policy documents also define the scope and boundaries of the BCMS and the roles and responsibilities of the relevant parties.Reference: ISO 22301 Auditing eBook, page 28; ISO 22301:2019 standard, clause 5.2

Answer : B

The evaluation process that enables senior executives to manage decisions on building resilience in the development programme is the new product/service assessment. This process involves evaluating the potential impact of new products or services on the organization's business continuity objectives, risks, and capabilities. The new product/service assessment helps senior executives to identify and prioritize the business continuity requirements and resources needed for the successful launch and delivery of new products or services. The new product/service assessment also helps senior executives to monitor and review the performance and effectiveness of the new products or services in relation to the business continuity objectives and expectations.Reference:

ISO 22301 Auditing eBook, page 67

ISO 22301:2019, clause 8.3

Answer : A

Leadership stresses the importance of executive support for the BCMS, as it is one of the key factors for the success of the system. According to the ISO 22301 Auditing eBook, leadership is the process of influencing and directing people to achieve the organization's business continuity objectives. Leadership involves setting the vision, direction, and strategy for the BCMS, as well as providing the necessary resources, support, and communication to implement and maintain the system. Executive support refers to the commitment and involvement of the top management in the BCMS. Executive support ensures that the BCMS is aligned with the organization's overall strategy and objectives, and that it receives the adequate attention, budget, and resources it needs. Executive support also ensures that the BCMS is integrated into the organization's culture and values, and that it is communicated to all relevant parties, such as employees, customers, suppliers, regulators, and the public. Executive support can create a positive impact on the organization's resilience and reputation, as it demonstrates the organization's readiness and capability to respond to and recover from disruptive incidents. Leadership and executive support are closely related and mutually reinforcing. Leadership requires executive support to establish and sustain the BCMS, and executive support requires leadership to guide and direct the BCMS. Without leadership and executive support, the BCMS may not be effective, efficient, or consistent, and may not achieve the desired outcomes.Reference: ISO 22301 Auditing eBook, pages 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, and 27.

Answer : A

The Do phase in the PDCA cycle consists of operation, which means implementing and operating the business continuity policy, controls, processes, and procedures that have been planned in the previous phase. The Do phase also involves establishing the necessary resources, competencies, awareness, communication, and documentation to support the effective operation of the business continuity management system (BCMS). The Do phase aims to ensure that the organization is prepared to respond to and recover from disruptive incidents in a timely and effective manner.Reference: ISO 22301 Auditing eBook, pages 9, 10, 11, 22, 23, and 24.

Answer : A

A formal management system is a type of management system that provides the means for organizations to improve internal controls and management competence. A formal management system is a documented system that defines the policies, objectives, processes, procedures, roles, responsibilities, and resources for managing a specific aspect of the organization's performance. A formal management system is based on a recognized standard or framework that specifies the requirements and best practices for achieving the desired outcomes and performance. A formal management system also includes mechanisms for monitoring, measuring, reviewing, and improving the system's effectiveness and efficiency. A formal management system helps the organization to demonstrate its commitment and capability to meet the expectations and needs of its stakeholders, such as customers, regulators, employees, suppliers, etc. A formal management system also helps the organization to identify and manage the risks and opportunities that may affect its performance and continuity. Examples of formal management systems are ISO 22301 for business continuity management, ISO 9001 for quality management, ISO 14001 for environmental management, ISO 27001 for information security management, etc.Reference:

ISO 22301 Auditing eBook, Chapter 1: Introduction to Business Continuity Management Systems, Section 1.1: Management System Concepts1

What is a management system?2

ISO - Management system standards3