BCMS-FORM-00-4 ISO22301 Gap Assessment Tool


Note: Not all pages are shown in this sample

Terms Used

ISO22301 Gap Assessment Tool

BCMS = Business Continuity Management System

Business continuity management systems - Requirements

Area: 4 Context of the organization

| Section | Sub-section | ISO22301 Requirements | ISO22301 requirements met? | Action needed to meet requirement | Action owner |
|---|---|---|---|---|---|
| 4.1 Understanding the organization and its context | | Have the external and internal issues that affect the BCMS been determined? | Yes | | |
| | | Has the organization identified and documented its activities, products and services and relationships, and the potential impact of a disruptive event on them? | Yes | | |
| | | Has the context been defined, in terms of objectives, risk criteria and appetite, and the purpose of the BCMS? | Yes | | |
| | | Section Total: | 3 | | |
| 4.2 Understanding the needs and expectations of interested parties | 4.2.1 General | Have the interested parties and their requirements been identified? | Yes | | |
| | 4.2.2 Legal and regulatory requirements | Is there a procedure to identify, document and communicate applicable legal and regulatory requirements? | Yes | | |
| | | Does the BCMS take the applicable legal and regulatory requirements into account? | Yes | | |
| | | Section Total: | 3 | | |
| 4.3 Determining the scope of the business continuity management system | 4.3.1 General | Has the scope of the BCMS been determined and documented? | Yes | | |
| | 4.3.2 Scope of the BCMS | Have exclusions to the scope been documented and explained? | Yes | | |
| | | Section Total: | 2 | | |
| 4.4 Business continuity management system | | Is a BCMS in place and being continually improved? | Yes | | |
| | | Section Total: | 1 | | |
| | | Area Total: | 9 | | |


Area: 5 Leadership

| Section | Sub-section | ISO22301 Requirements | ISO22301 requirements met? | Action needed to meet requirement | Action owner |
|---|---|---|---|---|---|
| 5.1 Leadership and commitment | | Does top management demonstrate leadership with respect to the BCMS? | Yes | | |
| | | Section Total: | 1 | | |
| 5.2 Management commitment | | Does top management demonstrate commitment to the BCMS? | Yes | | |
| | | Is top management commitment evidenced by actions such as providing resources, communicating effectively and setting objectives? | Yes | | |
| | | Has top management allocated responsibility for the BCMS and assigned other relevant BCMS roles? | Yes | | |
| | | Section Total: | 3 | | |
| 5.3 Policy | | Is a documented business continuity policy in place? | Yes | | |
| | | Does it set objectives for the BCMS? | Yes | | |
| | | Does it commit the organization to satisfying requirements and continually improving the BCMS? | Yes | | |
| | | Is it adequately communicated and reviewed? | Yes | | |
| | | Section Total: | 4 | | |
| 5.4 Organizational roles, responsibilities and authorities | | Are roles, responsibilities and authorities for the BCMS defined, allocated and communicated? | Yes | | |
| | | Section Total: | 1 | | |


Summary Results Table

| Area | Total Number of Requirements | Number of Requirements Met | % Requirements Met |
|---|---|---|---|
| 4 Context of the organization | 9 | 9 | 100% |
| 5 Leadership | 9 | 9 | 100% |
| 6 Planning | 6 | 6 | 100% |
| 7 Support | 10 | 10 | 100% |
| 8 Operation | 22 | 22 | 100% |
| 9 Performance evaluation | 10 | 10 | 100% |
| 10 Improvement | 3 | 3 | 100% |
| Total | 69 | 69 | |


Detailed Results Table

| Section | Total Number of Requirements | Number of Requirements Met | % Requirements Met |
|---|---|---|---|
| 4.1 Understanding of the organisation and its context | 3 | 3 | 100% |
| 4.2 Understanding the needs & expectations of interested parties | 3 | 3 | 100% |
| 4.3 Determining the scope of the BCMS | 2 | 2 | 100% |
| 4.4 Business continuity management system | 1 | 1 | 100% |
| 5.1 Leadership and commitment | 1 | 1 | 100% |
| 5.2 Management commitment | 3 | 3 | 100% |
| 5.3 Policy | 4 | 4 | 100% |
| 5.4 Organisational roles, responsibilities and authorities | 1 | 1 | 100% |
| 6.1 Actions to address risks and opportunities | 3 | 3 | 100% |
| 6.2 Business continuity objectives and plans to achieve them | 3 | 3 | 100% |
| 7.1 Resources | 1 | 1 | 100% |
| 7.2 Competence | 2 | 2 | 100% |
| 7.3 Awareness | 1 | 1 | 100% |
| 7.4 Communication | 2 | 2 | 100% |
| 7.5 Documented information | 4 | 4 | 100% |
| 8.1 Operational planning and control | 3 | 3 | 100% |
| 8.2 Business impact analysis and risk assessment | 3 | 3 | 100% |
| 8.3 Business continuity strategy | 4 | 4 | 100% |
| 8.4 Establish and implement business continuity procedures | 10 | 10 | 100% |
| 8.5 Exercising and testing | 2 | 2 | 100% |
| 9.1 Monitoring, measurement, analysis and evaluation | 5 | 5 | 100% |
| 9.2 Internal audit | 2 | 2 | 100% |
| 9.3 Management review | 3 | 3 | 100% |
| 10.1 Nonconformity and corrective action | 2 | 2 | 100% |
| 10.2 Continual improvement | 1 | 1 | 100% |
| Total | 69 | 69 | |


[Figure: Percentage Conformity to the ISO22301 Standard, Summary Radar Chart. Axes: 4 Context of the organization, 5 Leadership, 6 Planning, 7 Support, 8 Operation, 9 Performance evaluation, 10 Improvement. Scale: 0% to 100%.]


[Figure: Level of Conformity to the ISO22301 Standard, Summary Level. Vertical axis: Number of Requirements (0 to 25). Horizontal axis: Area of Standard. Series: Total Number of Requirements, Number of Requirements Met.]


[Figure: Percentage Conformity to the ISO22301 Standard, Summary Level. Vertical axis: % Requirements Met (0% to 100%). Horizontal axis: Area of Standard.]


[Figure: Percentage Conformity to the ISO22301 Standard, Detailed Radar Chart. Axes: the 25 sections of the standard, from 4.1 Understanding of the organisation and its context to 10.2 Continual improvement. Scale: 0% to 100%.]


[Figure: Level of Conformity to the ISO22301 Standard, Detailed Level. Vertical axis: Number of Requirements (0 to 12). Horizontal axis: Area of Standard. Series: Total Number of Requirements, Number of Requirements Met.]


[Figure: Percentage Conformity to the ISO22301 Standard, Detailed Level. Vertical axis: % Requirements Met (0% to 100%). Horizontal axis: Area of Standard.]

