Scenario:Headquartered in Sri Lanka, Operons Inc. is a freight forwarding company that adopted a BCMS aligned with ISO 22301. Prior to the certification audit, Operons Inc. measured gaps between their BCMS and the standard's requirements to ensure compliance. The certification body was contracted to conduct the audit, and a biased auditor from a previous ISO 9001 audit was replaced upon request. During the audit, two minor nonconformities were identified, and the audit team issued a recommendation for certification.Based on Scenario 8, Operons Inc. contracted the same certification body that had conducted the ISO 9001 audit and requested more information about the competence and skills of the audit team. Is this acceptable?
An organization is focused on eliminating the root causes of nonconformities. Which action did they take?
Scenario:Marketiser, a marketing company in Florida specializing in branding, advertising, market research, and design services, primarily serves small and medium-sized enterprises. After a devastating hurricane caused severe flooding and rendered its office unusable, Marketiser decided to implement a BCMS based on ISO 22301 to handle such disruptions.The company formed a project team of four members from various departments and appointed Danielle as the project manager. Danielle conducted a comprehensive business impact analysis (BIA) focusing on activities related to data loss and backup recovery, recognizing the critical importance of safeguarding digital assets. She set specific recovery objectives, including a one-day recovery point objective (RPO) and a two-day recovery time objective (RTO).Based on the BIA outcomes, the team chose a business continuity strategy that involved relocating preconfigured trailers with essential hardware and connectivity to an alternate site. Considering Marketiser's vulnerability to hurricanes, the strategy allowed swift activation and relocation with minimal lead time. To validate their strategy, Danielle and the team conducted real-time recovery exercises, testing their ability to restore data and resume critical operations within the defined RTO.In Scenario 5, Danielle determined the recovery time objective (RTO) to be up to two days. Is this acceptable?
What is the role of the crisis management team in the response team?
Scenario:Initar, an IT security service company in New Jersey, provides 24/7 cloud and IT infrastructure support to mid-sized companies. Recognizing the need for a robust business continuity strategy, Initar transitioned from informal business continuity planning to implementing a BCMS based on ISO 22301.During the BCMS implementation, a major nonconformity was identified: the BIA report lacked a defined Maximum Tolerable Period of Disruption (MTPD), which is required by ISO 22301. The corrective action process began with the IT team conducting a root cause analysis using a cause-and- effect diagram. Based on the analysis, an action plan was drafted to update all BIAs and establish the MTPD. The plan was approved by the head of the IT department, who monitored its implementation, while the internal auditor reviewed the effectiveness of the corrective action.According to Scenario 7, the internal auditor followed up on the corrective action and reviewed its effectiveness. Is this acceptable?