ISO 22301 Lead Auditor

ISO 22301 Lead Auditor training enables you to develop the necessary expertise to perform a Business Continuity Management System (BCMS) audit by applying widely recognized audit principles, procedures and techniques. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process.

Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.

Course objectives:

  • Understand the operations of a Business Continuity Management System based on ISO 22301
  • Acknowledge the correlation between ISO 22301 and other standards and regulatory frameworks
  • Understand an auditor’s role: to plan, lead and follow up on a management system audit in accordance with ISO 19011
  • Learn how to lead an audit and audit team
  • Learn how to interpret the requirements of ISO 22301 in the context of a BCMS audit
  • Acquire the competencies of an auditor: to plan an audit, lead an audit, draft reports, and follow up on an audit in compliance with ISO 19011

Audience:

  • Auditors seeking to perform and lead Business Continuity Management System (BCMS) certification audits
  • Managers or consultants seeking to master a Business Continuity Management System audit process
  • Individuals responsible for maintaining conformance with Business Continuity Management System requirements
  • Technical experts seeking to prepare for a Business Continuity Management System audit
  • Expert advisors in Business Continuity Management

Prerequisites: 

A fundamental understanding of ISO 22301 and comprehensive knowledge of audit principles.
 

Day 1 – Introduction to Business Continuity Management Systems (BCMS) and ISO 22301

The course begins with an overview of the course objectives and structure, providing participants with a clear understanding of the training pathway and certification expectations.

Participants are introduced to relevant standards and regulatory frameworks that influence business continuity and organisational resilience. The certification process is explained to clarify requirements and assessment criteria.

The day continues with an exploration of the fundamental principles of Business Continuity Management Systems (BCMS) and a detailed overview of ISO 22301 requirements. Participants gain a solid understanding of how a BCMS is structured and how it supports organisational preparedness and operational continuity.

Day 2 – Audit principles, preparation and launching of an audit

Day two focuses on fundamental audit concepts and principles applicable to ISO 22301. Participants explore auditing ethics, independence, objectivity and structured methodologies.

An evidence-based audit approach is introduced, emphasising how to collect, verify and evaluate audit evidence effectively.

The session continues with guidance on initiating the audit, conducting a Stage 1 audit and preparing for the Stage 2 on-site audit.

The first part of the Stage 2 audit process is introduced, helping participants understand how to structure and plan on-site audit activities.

Day 3 – On-site audit activities

This day is dedicated to the practical execution of on-site audit activities. Participants continue with Stage 2 audit activities and learn how to conduct interviews, review documentation and evaluate operational controls.

Communication during the audit is emphasised, ensuring participants understand how to interact professionally with auditees and management.

Audit procedures and the creation of audit test plans are explored to ensure systematic evaluation of conformity.

The day concludes with drafting audit findings and non-conformity reports, focusing on clarity, objectivity and alignment with ISO 22301 requirements.

Day 4 – Closing the audit

Day four focuses on formal audit closure activities. Participants learn how to document the audit and perform quality reviews of audit findings.

The process of formally closing the audit is addressed, including conducting closing meetings and presenting conclusions to stakeholders.

Participants examine how to evaluate corrective action plans and assess their adequacy.

The benefits of the initial audit are discussed, along with managing an internal audit programme to ensure ongoing conformity and continual improvement.

The day also covers competence requirements and evaluation of auditors to maintain professional standards.

Day 5 – Certification Exam

The final day is dedicated to exam preparation and completion of the certification examination. Participants review key topics and clarify complex concepts before sitting the official exam in accordance with certification body procedures.

After successfully completing the exam, you can apply for the credentials shown in the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about ISO 22301 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

The requirements for PECB Auditor Certifications are:

[Image: Certification 22301 Lead Auditor]

Exam

For onsite classroom courses, the exam will take place at the end of the course.

For virtual courses, we will send out a voucher that gives you access to an online exam. This can be booked and taken at home, monitored by a proctor via camera. More information about the exam rules will be sent by PECB.

Test details:

  • The exam duration is three (3) hours. Non-native speakers receive an additional half an hour.
  • The exam contains essay type questions. 

As the exam is a multiple-choice, open-book exam, candidates are authorized to use:

  • A copy of the General Data Protection Regulation;
  • Course notes from the Participant Handout;
  • Any personal notes made by the student during the course; and
  • A hard copy dictionary

Examination rules and policies


RECEIVE YOUR EXAM RESULTS

Results will be communicated by email within a period of 6 to 8 weeks after taking the exam. The results will not include the exact grade of the candidate, only a mention of pass or fail.

Candidates who successfully complete the examination will be able to apply for a certified scheme, which is explained in the course description.

In the case of a failure, the results will be accompanied by the list of domains in which the candidate failed, to provide guidance for exam retake preparation.

Candidates who disagree with the exam results may file a complaint by writing to examination@pecb.com or through the PECB ticketing system.

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are some limitations on the allowed time frame between exam retakes, such as:

  • Students who have completed the full training but failed the written exam are eligible to retake the exam once for free within a 12-month period from the initial date of the exam.
  • If a candidate does not pass the exam on the second attempt, he/she must wait 3 months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee applies.
  • If a candidate does not pass the exam on the third attempt, he/she must wait 6 months (from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.

After the fourth attempt, a waiting period of 12 months from the last session date is required before the candidate can sit the same exam again. Regular fee applies.

For candidates who fail the exam in the 2nd retake, PECB recommends attending an official training in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Practical information

Duration: 5 days
Price: 29 900 NOK
Language: English
Format: Open course and corporate training

FAQ

What will I learn in this course?
You will learn how to plan, conduct, report on and follow up audits of a Business Continuity Management System in line with ISO/IEC 22301.

What is required to participate?
It is recommended that you have good knowledge of ISO/IEC 22301, either through the Foundation course or through practical experience with business continuity and emergency preparedness work.

How is the exam conducted?
The exam is conducted either in person at the course venue or online with a voucher and an online proctor, depending on the course format.

What happens if I do not pass the first exam?
You usually get one new exam attempt, which is taken online in accordance with the certification body's rules.

Do I get extra time on the exam?
Yes, extra time can be given if English is not your native language, in line with the certification rules.

Which certification do I get?
After passing the exam, you obtain the PECB Certified ISO 22301 Provisional Auditor certification. To obtain full certification, documented work experience may also be required. Check the table under certification for more information.

Do I get the ISO standard?
No, but you get access to a loan copy of the standard that you can use during the course and the exam.

What is the difference between Lead Implementer and Lead Auditor?
Lead Implementer focuses on establishing and operating a BCMS, while Lead Auditor focuses on evaluating and auditing the system in accordance with ISO 22301.

Is this course relevant for managers?
Yes, the course is relevant for managers, internal auditors, compliance officers and professionals responsible for audit, quality and continuity management.

Can I take this course as e-learning or self-study?
Yes, this course is also offered as e-learning. Registration can be done on the right-hand side.
