ISO 22301 Lead Auditor Quiz Questions and Answers

Answer :
  • The lack of staff awareness

Explanation :

The staff of RDK attended trainings that presumably enhanced the skills necessary for completing their tasks. Nonetheless, they were neither trained in nor made aware of the potential risks the company may face, such as cyberattacks. Likewise, this lack of awareness is why they were unable to take any action during or after the incident, given that their roles and responsibilities had not been defined.
Answer :
  • Due to the necessity of minimizing the negative impacts of any operational interruption

Explanation :

Business continuity management derives from Information Technology Disaster Recovery (ITDR), which addressed the risk of losing critical data once companies started using computers for their everyday work. Currently, business continuity management is regarded as a discipline that significantly reduces the magnitude of the negative impacts arising from business disruptions.
Answer :
  • Issue a nonconformity, as the policy was not available and the staff and other interested parties could not access it

Explanation :

The auditor should not overlook the fact that the business continuity policy is not made available to interested parties. Instead, the auditor should report this nonconformity as ISO 22301 requires organizations to maintain the business continuity policy as documented information and ensure that it is available for all the interested parties of the organization.
Answer :
  • Recommendation for certification, conditional upon filing of corrective actions

Explanation :

In this case, the auditor provides a recommendation for certification, conditional upon the filing of corrective action plans. The auditee is required to submit corrective action plans for each minor nonconformity within a reasonable period of time. If the corrective action plans are accepted, the auditee can then be certified.
Answer :
  • The auditor issues a corrective action request, the auditee prepares a corrective action plan, the auditor evaluates the adequacy of the responses

Explanation :

If a nonconformity is detected and the certification recommendation is conditional upon filing corrective actions, the auditor should demand corrective actions from the auditee. The auditee should then prepare a corrective action plan. Afterward, the auditor should evaluate the adequacy of the auditee’s responses.
Answer :
  • The auditor should be informed about the presence of an observer prior to the commencement of the audit

Explanation :

For observers, any arrangements for access, health and safety, environmental, security, and confidentiality should be managed between the audit client and the auditee. The audit team leader should have the right to deny observers the presence during certain audit activities if they interfere with the process.
Answer :
  • Business impact analysis

Explanation :

The organization shall use the process for analyzing business impacts to determine business continuity priorities and requirements. The process shall identify the activities that support the provision of products and services and determine which resources are needed to support prioritized activities.
Answer :
  • Business impact analysis; recovery strategies; plan development; tests and exercises

Explanation :

To ensure the successful implementation of the BCMS, an organization should have a process for business continuity planning. This process consists of the following steps: conducting business impact analysis, identifying recovery strategies, developing a plan, and conducting tests and exercises.
Answer :
  • Determining the approach and data collection method

Explanation :

The initial activity that should be undertaken when planning the BIA is determining the approach and data collection method. The insights generated from the data collection process then serve to identify key products and services, select the impacts to be analyzed, and prepare the BIA tools.
Answer :
  • Lack of professional skepticism

Explanation :

Displaying a professional attitude of skepticism is important in minimizing the risk of drawing false audit conclusions. As such, rather than relying on the word of the auditee, auditors should look for evidence to support the claims of the representatives of the auditee.