According to ISO 22301 Lead Auditor objectives and content, workshops are one of the methods that can be used to conduct a business impact analysis (BIA). Workshops bring a group of people together into a discussion, where they can share their knowledge, opinions, and perspectives on the organization's processes, resources, dependencies, and impacts. Workshops can help to identify and prioritize the critical activities and resources that are essential for the continuity of the organization's operations. Workshops can also facilitate the communication and collaboration among different stakeholders, such as process owners, managers, employees, and customers. Workshops can be conducted in various formats, such as face-to-face, online, or hybrid, depending on the availability and preferences of the participants.Workshops should be planned and facilitated by a competent person, who can guide the discussion, ask relevant questions, collect and document the information, and ensure the validity and consistency of the results.Reference: ISO 22301 Auditing eBook, page 381; ISO 22301 Clause 8.2 Business impact analysis and risk assessment2

According to ISO 22301 Lead Auditor objectives and content, a qualitative approach is a type of approach that has a straightforward process based on informed judgement supported by appropriate guidance. A qualitative approach is used to assess the impacts and risks of a disruption to the organization's processes, resources, and objectives. A qualitative approach relies on the subjective evaluation of the likelihood and severity of the disruption, as well as the effectiveness of the existing controls and mitigation measures. A qualitative approach can use descriptive scales, such as low, medium, and high, to rank the impacts and risks. A qualitative approach can also use tools, such as matrices, diagrams, and checklists, to facilitate the analysis and communication of the results.A qualitative approach is suitable for organizations that have limited data, resources, or time to conduct a quantitative approach, which requires more complex and objective calculations and measurements.Reference: ISO 22301 Auditing eBook, page 401; ISO 22301 Clause 8.2.2 Risk assessment2

Corporate Services and Information Technology are the functions that provide a range of physical and technological infrastructure services to all other functions, such as human resources, finance, legal, procurement, facilities, security, IT systems, networks, applications, databases, etc. These functions are essential for the continuity of the organization's operations, as they support the delivery of products and services to customers and stakeholders. Therefore, they need to be included in the scope and objectives of the business continuity management system (BCMS), and their roles and responsibilities need to be defined and communicated.Reference: ISO 22301 Auditing eBook, Chapter 2: Business Continuity Management System (BCMS), Section 2.1: Scope and Objectives, page 23.

According to ISO 22301 Auditing eBook, Chapter 2.1.2, a business continuity champion is a person who represents the executive management perspective in setting up the expectation for business continuity management (BCM). The business continuity champion is responsible for ensuring that the BCM policy and objectives are aligned with the strategic direction of the organization, and that the necessary resources and support are provided for the implementation and maintenance of the business continuity management system (BCMS). The business continuity champion also acts as a liaison between the executive management and the business continuity manager, who is the person in charge of the operational aspects of the BCMS.Reference: ISO 22301 Auditing eBook, Chapter 2.1.2.

According to ISO 22301:2019, clause 10, improvement consists of two elements: nonconformity and corrective action, and continual improvement. Nonconformity and corrective action is the process of identifying and addressing any deviations from the requirements of the standard or the organization's own policies and procedures. It involves taking actions to eliminate the causes of nonconformities, prevent their recurrence, and reduce their impact. Continual improvement is the process of enhancing the suitability, adequacy, and effectiveness of the BCMS and its performance. It involves identifying and implementing opportunities for improvement based on the results of monitoring, measurement, analysis, evaluation, internal audit, and management review.Reference:: ISO 22301 Auditing eBook, page 11 : ISO 22301:2019, clause 10 :ISO 22301: Clause 10 - Improvement -- ISO Templates and Documents Download:ISO 22301 continuous improvement -- How to achieve it - Advisera