BCMS-FORM-00-4 ISO22301 Gap Assessment Tool


Please note: This sample shows only a section of the complete Gap Assessment tool.

Terms used: BCMS = Business Continuity Management System

4 Context of the organization

| AREA/SECTION | SUB-SECTION | ISO22301 REQUIREMENTS | REQS MET? | ACTION NEEDED TO MEET REQ | ACTION OWNER |
|---|---|---|---|---|---|
| 4.1 Understanding the organization and its context | | Have the external and internal issues that affect the BCMS been determined? | Yes | | |
| 4.1 Understanding the organization and its context | | Has the organization identified and documented its activities, products and services and relationships, and the potential impact of a disruptive event on them? | Yes | | |
| 4.1 Understanding the organization and its context | | Has the context been defined, in terms of objectives, risk criteria and appetite, and the purpose of the BCMS? | Yes | | |
| 4.2 Understanding the needs and expectations of interested parties | 4.2.1 General | Have the interested parties and their requirements been identified? | Yes | | |
| 4.2 Understanding the needs and expectations of interested parties | 4.2.2 Legal and regulatory requirements | Is there a procedure to identify, document and communicate applicable legal and regulatory requirements? | Yes | | |
| 4.2 Understanding the needs and expectations of interested parties | 4.2.2 Legal and regulatory requirements | Does the BCMS take the applicable legal and regulatory requirements into account? | Yes | | |
| 4.3 Determining the scope of the business continuity management system | 4.3.1 General | Has the scope of the BCMS been determined and documented? | Yes | | |
| 4.3 Determining the scope of the business continuity management system | 4.3.2 Scope of the BCMS | Have exclusions to the scope been documented and explained? | Yes | | |
| 4.4 Business continuity management system | | Is a BCMS in place and being continually improved? | Yes | | |
| | | Total: | 9 | | |

5 Leadership

| AREA/SECTION | SUB-SECTION | ISO22301 REQUIREMENTS | REQS MET? | ACTION NEEDED TO MEET REQ | ACTION OWNER |
|---|---|---|---|---|---|
| 5.1 Leadership and commitment | | Does top management demonstrate leadership with respect to the BCMS? | Yes | | |
| 5.1 Leadership and commitment | | Does top management demonstrate commitment to the BCMS? | Yes | | |
| 5.1 Leadership and commitment | | Is top management commitment evidenced by actions such as providing resources, communicating effectively and setting objectives? | Yes | | |
| 5.1 Leadership and commitment | | Has top management allocated responsibility for the BCMS and assigned other relevant BCMS roles? | Yes | | |
| 5.2 Policy | 5.2.1 Establishing the business continuity policy | Is a documented business continuity policy in place? | Yes | | |
| 5.2 Policy | 5.2.1 Establishing the business continuity policy | Does it set objectives for the BCMS? | Yes | | |
| 5.2 Policy | 5.2.1 Establishing the business continuity policy | Does it commit the organization to satisfying requirements and continually improving the BCMS? | Yes | | |
| 5.2 Policy | 5.2.2 Communicating the business continuity policy | Is it adequately communicated and reviewed? | Yes | | |
| 5.3 Roles, responsibilities and authorities | | Are roles, responsibilities and authorities for the BCMS defined, allocated and communicated? | Yes | | |
| | | Total: | 9 | | |


ISO22301 Gap Assessment dashboard

To refresh chart data, click on “Refresh All” on the Data ribbon.

Gap assessment results

| AREA OF STANDARD | REQS IN SECTION | NO OF REQS MET | PERCENTAGE CONFORMITY |
|---|---|---|---|
| 4 Context of the organization | 9 | 9 | 100% |
| 5 Leadership | 9 | 9 | 100% |
| 6 Planning | 7 | 7 | 100% |
| 7 Support | 10 | 10 | 100% |
| 8 Operation | 25 | 25 | 100% |
| 9 Performance evaluation | 8 | 8 | 100% |
| 10 Improvement | 3 | 3 | 100% |
| Total | 71 | 71 | 100% |

[Radar chart: Percentage conformity to the ISO22301 standard, by area of standard (4 Context of the organization to 10 Improvement), scale 0% to 100%]

[Chart: Level of conformity to the ISO22301 standard, NO OF REQS MET and REQS IN SECTION by area of standard, scale 0 to 30]

[Chart: Percentage conformity to the ISO22301 standard, by area of standard, scale 0% to 100%]

