Preparation Guide
All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing
system or circulated in any form by print, photo print, microfilm or any other means without written permission by EXIN.
1. Overview
2. Exam requirements
3. List of Basic Concepts
4. Literature
Scope
The subjects of this module are:
- The content of ISO22301:2012, Societal Security Business Continuity Management - Requirements;
- The implementation phases of the ISO22301;
- The implementation elements of the ISO22301;
- Implementing system management;
- The Plan-Do-Check-Act cycle within this framework;
- Management involvement;
- Business Impact Analysis;
- Risk Analysis;
- Communication plan.
Summary
Business continuity management is a holistic management process that identifies potential
threats to an organization and the impacts to business operations those threats, if realized,
might cause. It provides a framework for building organizational resilience with the capability of
an effective response that safeguards the interests of its key stakeholders, reputation, brand
and value-creating activities (Source: ISO 22301:2012).
Context
The Certificate EXIN Business Continuity Management is part of the overall qualification
scheme for Cyber Security.
Target group
Everyone in the organization must be aware of the business and its continuity. This certification is
directed at candidates who are involved or have an interest in the implementation of Business
Continuity within their organization: CEOs, CIOs, Security Officers and Quality Managers,
Operational Managers, Developers, Business and Technical Teams. When the continuity of an
organization comes to a halt for whatever reason, everyone in the organization must be aware of
the consequences and the solutions.
The Rules and Regulations for EXIN's examinations apply to this exam.
Training
Contact hours
The recommended number of contact hours for this training course is 24. This includes group
assignments, exam preparation and short breaks. This number of hours does not include
homework, logistics for exam preparation and lunch breaks.
Training provider
You can find a list of our accredited training providers at www.exin.com.
2. Leadership 15%
2.1 Management commitment & Policy
2.2 Roles & Responsibilities
4. Operation 40%
4.1 Planning & Control
4.2 Business Impact Analysis & Risk Assessment
4.3 Strategy and procedures
2. Leadership 15%
2.1 Management commitment & Policy
The candidate understands the importance of management commitment in planning for and
managing the business continuity system
The candidate can
2.1.1 explain the vital implications of management commitment
2.1.2 describe how top management can demonstrate its commitment to managing
business continuity
2.1.3 explain the elements of a business continuity policy
2.2 Roles & Responsibilities
The candidate understands the roles, responsibilities and authorities of staff involved in
planning for and managing business continuity
The candidate can
2.2.1 describe the different roles in planning for and managing business continuity
2.2.2 identify the necessary competences in planning for and managing business
continuity
3. Planning & Support 15%
4. Operation 40%
4.1 Planning & Control
The candidate understands the elements of the operational part of the BCMS
The candidate can
4.1.1 name the elements of the BCMS
4.1.2 identify control mechanisms within the BCMS for effective operational planning and
control
4.1.3 describe how effective management of the BCM environment is established
4.1.4 describe how effective maintenance of business continuity is established
4.1.5 list outcomes indicative of an effective BCM
Please note that knowledge of these terms alone does not suffice for the exam; the candidate must
understand the concepts and be able to provide examples.
Activity
Analysis
Analyzing
Audit
Awareness
Business Continuity (BC)
Business Continuity Management (BCM)
Business Continuity Management System (BCMS)
Business Continuity Plan (BCP)
Business Continuity Program
Business Impact Analysis (BIA)
Commitment
Communication
Competence
Conformity
Context
Continual improvement
Correction
Corrective action
Criteria
Document
Documented information
Document Management System (DMS)
Effectiveness
Establishing
Evaluating
Evaluation
Event
Exercise
Exercising
Expectations
Factors
Implementing
Incident
Infrastructure
Interested party
Internal audit
Invocation
Leadership
Maintaining
Management review
Management system
Maximum Acceptable Outage (MAO)
Maximum Tolerable Period of Disruption (MTPD)
Measurement
Minimum Activity Level (MAL)
Minimum Business Continuity Objective (MBCO)
Monitoring
Mutual Aid Agreement
Nonconformity
Objective
Opportunity
Organization
Outsourcing
Performance
Performance evaluation
Personnel
Policy
Procedure
Process
Products
Prioritized activities
Record
Recovery Point Objective (RPO)
Recovery Time Objective (RTO)
Requirement
Resource(s)
Risk
Risk appetite
Risk Assessment (RA)
Risk management
Roles and Responsibilities
Services
Stakeholder
Testing
Top management
Verification
Work environment
Additional Literature
B International Standard Organization
ISO 22301:2012
Societal security -- Business continuity management systems -- Requirements
ISO, Switzerland, Geneva, 2012
Notes:
- Additional literature is for in-depth knowledge.
Literature reference
www.exin.com