Please note: This sample shows only a small part of the complete Enhanced Gap Assessment tool. This comprehensive gap assessment tool includes the exact text of the ISO22301 Standard broken down by individual requirement within a user-friendly spreadsheet.
ISO22301 Enhanced Gap Assessment Tool
Terms used: BCMS: Quality Management System Business Continuity Management System Requirements

| ISO22301 REQUIREMENTS | REQS MET? | ACTION NEEDED TO MEET REQUIREMENTS | ACTION OWNER |
| --- | --- | --- | --- |
| 4 Context of the organization | | | |
| 4.1 Understanding the organization and its context | | | |
| The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its BCMS. NOTE: These issues will be influenced by the organization’s overall objectives, its products and services and the amount and type of risk that it may or may not take. | Yes | | |
| Totals: | 1 | | |
| 4.2 Understanding the needs and expectations of interested parties | | | |
| 4.2.1 General | | | |
| When establishing its BCMS, the organization shall determine: | | | |
| a) the interested parties that are relevant to the BCMS; | Yes | | |
| b) the relevant requirements of these interested parties. | Yes | | |
| Totals: | 2 | | |
| 4.2.2 Legal and regulatory requirements | | | |
| The organization shall: | | | |
| a) implement and maintain a process to identify, have access to, and assess the applicable legal and regulatory requirements related to the continuity of its products and services, activities and resources; | Yes | | |
| b) ensure that these applicable legal, regulatory and other requirements are taken into account in implementing and maintaining its BCMS; | Yes | | |
| c) document this information and keep it up to date. | Yes | | |
| Totals: | 3 | | |

Purchase online at www.certikit.com. For any questions, please email sales@certikit.com
ISO22301 Enhanced Gap Assessment dashboard (summary)
To refresh chart data, click on “Refresh All” on the Data ribbon.

Gap assessment results

| AREA OF STANDARD | REQS IN SECTION | NO OF REQS MET | PERCENTAGE CONFORMITY |
| --- | --- | --- | --- |
| 4 Context of the organization | 15 | 15 | 100% |
| 5 Leadership | 18 | 18 | 100% |
| 6 Planning | 25 | 25 | 100% |
| 7 Support | 26 | 26 | 100% |
| 8 Operation | 104 | 104 | 100% |
| 9 Performance evaluation | 39 | 39 | 100% |
| 10 Improvement | 15 | 15 | 100% |
| Total | 242 | 242 | 100% |

Percentage conformity to the ISO22301 standard summary level radar chart
[Radar chart: one axis per area of the standard, 4 Context of the organization to 10 Improvement; scale 0% to 100%]

Level of conformity to the ISO22301 standard summary level
[Bar chart: REQS IN SECTION and NO OF REQS MET for each area of the standard]

Percentage level of conformity to the ISO22301 standard summary level
[Bar chart: percentage conformity for each area of the standard; scale 0% to 100%]
ISO22301 Enhanced Gap Assessment dashboard (detailed)
To refresh chart data, click on “Refresh All” on the Data ribbon.

Gap assessment results

| AREA OF STANDARD | SECTION | REQS IN SECTION | NO OF REQS MET | PERCENTAGE CONFORMITY |
| --- | --- | --- | --- | --- |
| 4 Context of the organisation | 4.1 Understanding the organization and its context | 1 | 1 | 100% |
| 4 Context of the organisation | 4.2 Understanding the needs and expectations of interested parties | 5 | 5 | 100% |
| 4 Context of the organisation | 4.3 Determining the scope of the BCMS | 8 | 8 | 100% |
| 4 Context of the organisation | 4.4 Business continuity management system | 1 | 1 | 100% |
| 5 Leadership | 5.1 Leadership and commitment | 8 | 8 | 100% |
| 5 Leadership | 5.2 Policy | 7 | 7 | 100% |
| 5 Leadership | 5.3 Roles, responsibilities and authorities | 3 | 3 | 100% |
| 6 Planning | 6.1 Actions to address risks and opportunities | 7 | 7 | 100% |
| 6 Planning | 6.2 Business continuity objectives and planning to achieve them | 13 | 13 | 100% |
| 6 Planning | 6.3 Planning changes to the business continuity management system | 5 | 5 | 100% |
| 7 Support | 7.1 Resources | 1 | 1 | 100% |
| 7 Support | 7.2 Competence | 4 | 4 | 100% |
| 7 Support | 7.3 Awareness | 4 | 4 | 100% |
| 7 Support | 7.4 Communication | 5 | 5 | 100% |
| 7 Support | 7.5 Documented information | 12 | 12 | 100% |
| 8 Operation | 8.1 Operational planning and control | 5 | 5 | 100% |
| 8 Operation | 8.2 Business impact analysis and risk assessment | 14 | 14 | 100% |
| 8 Operation | 8.3 Business continuity strategies and solutions | 21 | 21 | 100% |
| 8 Operation | 8.4 Business continuity plans and procedures | 49 | 49 | 100% |
| 8 Operation | 8.5 Exercise programme | 9 | 9 | 100% |
| 8 Operation | 8.6 Evaluation of business continuity documentation and capabilities | 6 | 6 | 100% |
| 9 Performance evaluation | 9.1 Monitoring, measurement, analysis and evaluation | 6 | 6 | 100% |
| 9 Performance evaluation | 9.2 Internal audit | 10 | 10 | 100% |
| 9 Performance evaluation | 9.3 Management review | 23 | 23 | 100% |
| 10 Improvement | 10.1 Nonconformity and corrective action | 13 | 13 | 100% |
| 10 Improvement | 10.2 Continual improvement | 2 | 2 | 100% |
| Total | | 242 | 242 | 100% |
Percentage conformity to the ISO22301 standard detailed level radar chart
[Radar chart: one axis per section of the standard, 4.1 Understanding the organization and its context to 10.2 Continual improvement; scale 0% to 100%]

Level of conformity to the ISO22301 standard detailed level
[Bar chart: REQS IN SECTION and NO OF REQS MET for each section, 4.1 to 10.2, grouped by area of the standard]

Percentage level of conformity to the ISO22301 standard detailed level
[Bar chart: percentage conformity for each section of the standard, 4.1 to 10.2; scale 0% to 100%]