Explanation The four phases of the Deming Cycle are Plan, Do, Check, and Act. The Deming Cycle, also known as the PDCA cycle, is a four-step model for continuous improvement of processes, products, or services. The cycle was developed by Dr. W. Edwards Deming, a pioneer of quality management, and is based on the scientific method of problem-solving. The four phases of the Deming Cycle are1: Plan: Identify the problem or opportunity, analyze the root causes, and establish the objectives and measures for improvement. Do: Implement the planned solution, test the results, and collect data for evaluation. Check: Compare the actual results with the expected results, identify the gaps and deviations, and analyze the effectiveness and efficiency of the solution. Act: Take corrective or preventive actions to close the gaps and prevent recurrence, standardize the solution, and communicate and document the lessons learned. The Deming Cycle is a dynamic and iterative process that can be applied to any type of process, product, or service. The cycle helps to ensure that the improvement is based on facts and data, and that the improvement is monitored and evaluated for further improvement. The Deming Cycle is also aligned with the structure and content of ISO 22301, the international standard for business continuity management systems (BCMS). ISO 22301 follows the Plan-Do-Check-Act approach to establish, implement, maintain, and improve a BCMS that enables an organization to prepare for, respond to, and recover from disruptive incidents2. References: PDCA (Plan-Do-Check-Act) Cycle in ISO 9001 Requirements - Advisera ISO 22301:2019 - NQA, page 9
ISO-22301-Lead-Auditor Exam Question 67
Which of the following document is owned by executive management and sets the purpose of BCM in an organisation?
Correct Answer: A
Explanation The document that is owned by executive management and sets the purpose of BCM in an organization is the Business Continuity Policy. The Business Continuity Policy is a high-level document that defines the scope, objectives, principles, and roles and responsibilities for business continuity management within the organization. It also demonstrates the commitment of top management to support and continually improve the BCMS. The Business Continuity Policy is one of the mandatory documents required by ISO 22301, the international standard for BCMS12. The other options are not correct because they are not documents that are owned by executive management and set the purpose of BCM in an organization. A Business Process Policy is a document that describes the procedures and rules for performing a specific business process, such as procurement, sales, or accounting. A Register is a document that records and tracks the status of certain items, such as risks, incidents, or assets. A Worksheet is a document that contains data and calculations, such as a spreadsheet or a form. References: 1: ISO 22301:2019, Security and resilience - Business continuity management systems - Requirements, 5.3 2: ISO 22301 Auditing eBook, Chapter 2.2.2
ISO-22301-Lead-Auditor Exam Question 68
Which three types of personal interview, which differs in terms of the structure, purpose and depth of information to be elicited? (Choose two)
Correct Answer: A,B,C
Explanation According to the ISO 22301 Auditing eBook, there are three types of personal interview, which differ in terms of the structure, purpose and depth of information to be elicited. They are: Fully structured interview: This type of interview follows a predefined set of questions that are asked in a fixed order. The interviewer does not deviate from the script and does not probe for additional information. The advantage of this type of interview is that it ensures consistency and comparability of data across different interviewees. The disadvantage is that it may not capture the nuances and complexities of the interviewee's responses, and may miss some important information that is not covered by the questions. Semi-structured interview: This type of interview has a general outline of topics or questions to be covered, but the interviewer has the flexibility to ask follow-up questions, clarify ambiguities, and explore new areas of interest that emerge during the conversation. The advantage of this type of interview is that it allows for a deeper and richer understanding of the interviewee's perspectives, opinions, and experiences. The disadvantage is that it may introduce some variability and bias in the data collection and analysis, depending on the interviewer's skills and style. Unstructured interview: This type of interview has no predetermined agenda or questions, and the interviewer relies on the natural flow of the conversation to guide the discussion. The interviewer may use some open-ended prompts or probes to elicit more information, but the interviewee has the freedom to express whatever they want. The advantage of this type of interview is that it can reveal unexpected and insightful information that may not be obtained through other methods. The disadvantage is that it may be difficult to manage, control, and summarize the data, and it may require more time and resources to conduct and analyze. References: : ISO 22301 Auditing eBook, Chapter 5: Audit Techniques, Section 5.2: Personal Interview, Page 63-64. 1of30
