ISO-22301-Lead-Auditor Exam Dumps : PECB Certified ISO 22301 Lead Auditor Exam

Policy formulation is the BCMS process that is used to develop a business continuity policy that sets out an operating framework. According to ISO 22301, the organization shall establish a business continuity policy that is appropriate to the purpose and context of the organization and provides a framework for setting business continuity objectives. The policy shall also demonstrate top management’s commitment to the BCMS and its continual improvement1. The policy formulation process involves the following steps2:

• Define the scope and objectives of the policy
• Identify the relevant internal and external issues and requirements
• Analyze the current state of the BCMS and the gaps to be addressed
• Draft the policy statement and the key principles and guidelines
• Review and approve the policy by the top management
• Communicate and distribute the policy to the relevant stakeholders
• Monitor and update the policy as needed References:
• ISO 22301:2019, clause 5.3
• ISO 22301 Auditing eBook, page 24

A personal interview is a type of interview that employs verbal questioning as its principal technique of data collection. It is a face-to-face conversation between the interviewer and the interviewee, where the interviewer asks open-ended or closed-ended questions to obtain information from the interviewee. A personal interview can be conducted in various settings, such as at the interviewee’s workplace, home, or a neutral location. A personal interview can be structured, semi-structured, or unstructured, depending on the level of flexibility and standardization of the questions. A personal interview can be used for different purposes, such as to assess the interviewee’s competence, motivation, attitude, or opinion on a certain topic. A personal interview can also be used to establish rapport, trust, and credibility between the interviewer and the interviewee. A personal interview can have various advantages and disadvantages, such as:

Advantages:

• It allows the interviewer to observe the interviewee’s body language, facial expressions, and tone of voice, which can provide additional insights into the interviewee’s feelings, emotions, and reactions.
• It enables the interviewer to probe deeper into the interviewee’s responses, clarify ambiguities, and ask follow-up questions to obtain more detailed and comprehensive information.
• It gives the interviewer the opportunity to adapt the questions and the pace of the interview according to the interviewee’s level of knowledge, interest, and responsiveness.
• It can increase the interviewee’s willingness to participate, cooperate, and disclose information, as the interviewer can establish a personal connection and a positive atmosphere with the interviewee.
• It can reduce the possibility of misunderstanding, misinterpretation, or distortion of the information, as the interviewer can verify and confirm the interviewee’s answers immediately.

Disadvantages:

• It can be time-consuming, costly, and labor-intensive, as it requires the interviewer to travel to the interviewee’s location, schedule the interview, and conduct the interview.
• It can be influenced by various biases, such as the interviewer’s expectations, preferences, stereotypes, or prejudices, which can affect the interviewer’s choice of questions, interpretation of answers, and evaluation of the interviewee.
• It can be affected by various factors, such as the interviewer’s skills, personality, appearance, or mood, which can influence the interviewer’s performance, behavior, and interaction with the interviewee.
• It can be subject to various errors, such as the interviewer’s memory, recall, or transcription errors, which can result in the loss, omission, or alteration of the information.
• It can pose various challenges, such as the interviewer’s difficulty in maintaining control, neutrality, or objectivity, or the interviewee’s reluctance, resistance, or dishonesty, which can hinder the quality and validity of the information.

References:

• PECB Certified ISO 22301 Lead Auditor eLearning Training Course1, Module 5: Conducting an ISO 22301 audit, Lesson 5.2: Communication during the audit, Slide 8: Types of interviews
• ISO 22301 Auditing eBook2, Chapter 5: Conducting an ISO 22301 audit, Section 5.2: Communication during the audit, Subsection 5.2.1: Types of interviews

A time-based objective is an objective that should be attainable within a given timeframe. Time-based objectives help to ensure that the organization is taking timely and realistic actions to achieve its desired outcomes and performance. Time-based objectives also help to monitor and measure the progress and results of the actions, as well as to identify and address any delays or deviations. Time-based objectives are one of the characteristics of the S.M.A.R.T. concept, which stands for Specific, Measurable, Achievable, Relevant, and Time-based. The S.M.A.R.T. concept is a useful tool for setting effective objectives that are clear, realistic, and meaningful. The S.M.A.R.T. concept is applicable to various types of objectives, such as business continuity objectives, recovery time objectives, recovery point objectives, minimum business continuity objectives, etc. According to the ISO 22301 Auditing eBook, "Time-bound: BCOs [Business Continuity Objectives] should be time-bound, with clear deadlines and timelines for achieving the objectives. This ensures that the organization is taking timely action to protect critical business functions during a disruptive incident."1 References:

• ISO 22301 Auditing eBook, Chapter 2: Business Continuity Concepts and Principles, Section 2.3: Business Impact Analysis2
• How to set ISO 22301 Business Continuity Objectives - Advisera1
• What is the Plan-Do-Check-Act (PDCA) Cycle?3