Governance is the initiative of Business Continuity Management that is a regulatory system that controls an organization and its activities. Governance refers to the set of policies, processes, roles, and responsibilities that define how an organization is directed and managed. Governance ensures that the organization's objectives, strategies, and operations are aligned with the expectations and needs of its stakeholders, such as customers, employees, regulators, and shareholders. Governance also provides oversight and accountability for the organization's performance, risks, compliance, and continuity.

Business Continuity Management (BCM) is a key component of governance, as it enables the organization to protect its critical assets and functions, and to respond and recover from disruptive incidents. BCM helps the organization to maintain its reputation, resilience, and value in the face of uncertainty and crisis. BCM also supports the organization's compliance with relevant laws, regulations, standards, and best practices, such as ISO 22301, the international standard for business continuity management systems.

Therefore, governance is the initiative of Business Continuity Management that is a regulatory system that controls an organization and its activities, by providing direction, oversight, and accountability for the organization's continuity and resilience.Reference:

ISO 22301 Auditing eBook, Chapter 1: Introduction to Business Continuity Management, Section 1.1: What is Business Continuity Management?, Page 4

ISO 22301 Auditing eBook, Chapter 2: Introduction to ISO 22301, Section 2.1: What is ISO 22301?, Page 9

ISO 22301 Auditing eBook, Chapter 3: Business Continuity Management System, Section 3.1: Context of the Organization, Page 13

ISO 22301 Auditing eBook, Chapter 3: Business Continuity Management System, Section 3.2: Leadership, Page 16

The Check step in the PDCA cycle is the stage where the results are analyzed. It involves monitoring and evaluating the actions taken in the Do step. It is used to determine the effectiveness of the plan and to avoid recurring mistakes. The Check step identifies and assesses issues in the management process, such as gaps, nonconformities, risks, and opportunities. The Check step also involves collecting and analyzing data and information related to the performance and effectiveness of the BCMS. This can be done through various methods, such as audits, reviews, tests, exercises, surveys, and feedback. The Check step provides valuable input for the Act step, where corrective and preventive actions are taken to address the issues and improve the BCMS.Reference:: ISO 22301 Auditing eBook, page 11 : ISO 22301:2019, clause 9.1 :The Plan-Do-Check-Act (PDCA) Cycle: A Guide to Continuous Improvement:Plan-Do-Check-Act Cycle - BCMpedia

The Incident Management Structure (IMS) is a framework for organizing and managing the response to a disruptive incident. The IMS defines three levels of management activities: strategic, tactical, and operational. The strategic level is responsible for setting the overall direction and objectives of the response, as well as allocating resources and coordinating with external stakeholders. The tactical level is responsible for implementing the strategic decisions and managing the operational teams. The tactical level also monitors the situation and reports to the strategic level. The operational level is responsible for executing the specific tasks and actions required to achieve the objectives of the response. The operational level also provides feedback to the tactical level on the progress and issues encountered.Reference:

ISO 22301 Auditing eBook, Chapter 4: Incident Response and Recovery, Section 4.2: Incident Management Structure1

ISO 22320:2018(en), Security and resilience --- Emergency management --- Guidelines for incident management2

According to ISO 22301 Auditing eBook, Chapter 2.1.2, a business continuity champion is a person who represents the executive management perspective in setting up the expectation for business continuity management (BCM). The business continuity champion is responsible for ensuring that the BCM policy and objectives are aligned with the strategic direction of the organization, and that the necessary resources and support are provided for the implementation and maintenance of the business continuity management system (BCMS). The business continuity champion also acts as a liaison between the executive management and the business continuity manager, who is the person in charge of the operational aspects of the BCMS.Reference: ISO 22301 Auditing eBook, Chapter 2.1.2.

Scope is the term that defines the area of operation in which the task and its activities should be performed, as described in ISO 22301. Scope is one of the key elements of a business continuity plan (BCP), which is a documented information that specifies the procedures and resources needed to manage a disruptive incident and ensure the continuity of the organization's critical functions. Scope helps to define the boundaries and applicability of the BCP, as well as the roles and responsibilities of the involved parties. Scope also helps to ensure the consistency and compatibility of the BCP with the organization's business continuity objectives and strategies.Scope is one of the key requirements of ISO 22301, as it provides the basis for planning, implementing, monitoring, reviewing, and improving the business continuity management system (BCMS).Reference: ISO 22301 Auditing eBook, page 361; ISO 22301:2019, clause 8.4.22