Master PECB ISO-22301-Lead-Auditor Exam with Reliable Practice Questions

Last exam update: Nov 13, 2024
Question 1

Which objectives take the form of targets to enhance organizational resilience?


Correct : A

Business continuity objectives are the objectives that take the form of targets to enhance organizational resilience, as defined by ISO 22301. Business continuity objectives are derived from the business continuity policy and the results of the business impact analysis (BIA) and risk assessment (RA). Business continuity objectives are measurable, consistent, and relevant to the organization's business continuity requirements and strategies. Business continuity objectives are also aligned with the organization's strategic direction and communicated to all relevant parties. Business continuity objectives are one of the key requirements of ISO 22301, as they provide the basis for planning, implementing, monitoring, reviewing, and improving the business continuity management system (BCMS).

Reference: ISO 22301 Auditing eBook, page 281; ISO 22301:2019, clause 6.22


Question 2

Which of the following outlines the management hierarchy of the organization?


Correct : A

Corporate structure outlines the management hierarchy of the organization, such as the board of directors, the executive management, the business units, the departments, the teams, and the individuals. It defines the roles, responsibilities, authorities, and accountabilities of the organizational members, as well as the reporting and communication lines. Corporate structure also reflects the organization's culture, values, vision, mission, and strategic objectives. It is important for the organization to have a clear and effective corporate structure that supports the implementation and operation of the business continuity management system (BCMS) and ensures the alignment of the business continuity objectives with the strategic direction of the organization.

Reference: ISO 22301 Auditing eBook, Chapter 2: Business Continuity Management System (BCMS), Section 2.1: Scope and Objectives, page 23.


Question 3

Which of the following includes guidelines, procedures and physical control systems?


Correct : D

Corporate defences are the measures and mechanisms that an organization implements to protect itself from internal and external threats and disruptions. Corporate defences include guidelines, procedures, and physical control systems that aim to prevent, detect, respond to, and recover from incidents that may affect the organization's assets, operations, performance, reputation, or continuity. Corporate defences are an essential component of business continuity management, as they help to ensure the organization's resilience and sustainability in the face of uncertainty and volatility. Corporate defences should be aligned with the organization's objectives, values, and culture, as well as the requirements and expectations of its stakeholders. Corporate defences should also be based on a systematic assessment of the organization's risks and opportunities, as well as the best practices and standards for business continuity, such as ISO 22301.

Reference:

ISO 22301:2019 - Security and resilience - Business continuity management systems - Requirements

ISO 22301 Auditing eBook, Chapter 2: Business Continuity Concepts and Principles, Section 2.5: Corporate Defences


Question 4

How many types of strategies are involved in the process-centric approach?


Correct : B

According to the ISO 22301 Auditing eBook, there are five types of strategies involved in the process-centric approach to business continuity management. They are:

Business continuity strategy: This is the overall approach that provides a framework for ensuring the continuity of an organization's critical functions in the event of a disruption. It defines the objectives, scope, principles, and policies of the business continuity management system (BCMS).

Recovery strategy: This is the specific approach that defines how an organization will restore its critical functions within a predefined time frame after a disruption. It identifies the resources, actions, and procedures required to recover the critical functions and resume normal operations.

Continuity strategy: This is the specific approach that defines how an organization will maintain its critical functions during a disruption. It identifies the alternative arrangements, methods, and modes of operation that will enable the organization to continue delivering its products or services at an acceptable level of performance.

Mitigation strategy: This is the specific approach that defines how an organization will reduce the likelihood and/or impact of a disruption. It identifies the preventive and protective measures that will minimize the exposure and vulnerability of the organization to potential threats and risks.

Response strategy: This is the specific approach that defines how an organization will react to a disruption. It identifies the roles, responsibilities, and authorities of the incident management team, the communication channels and protocols, and the escalation and notification procedures.


Question 5

Which step collates and validates all resource requirements of the selected continuity solutions?


Correct : B

The step that collates and validates all resource requirements of the selected continuity solutions is the compile step. This step involves gathering all the information about the resources needed to implement and operate the continuity solutions, such as human resources, equipment, facilities, materials, suppliers, partners, etc. The compile step also involves verifying that the resource requirements are realistic, feasible, and consistent with the organization's objectives, policies, and budget.

