ISO 22301 Audit Checklist
A clause-by-clause audit checklist for ISO 22301 that helps you verify your business continuity management system meets every requirement of the standard.
Why Use an ISO 22301 Checklist?
ISO 22301 sets the requirements for a business continuity management system (BCMS). Organisations use it to prepare for, respond to, and recover from disruptive incidents. A structured audit checklist ensures you systematically verify every clause during internal audits, producing the documented evidence needed for certification and management review.
What's Included
- Clause-by-clause audit questions covering Clauses 4 through 10
- Business impact analysis verification to confirm critical activities and recovery priorities
- Risk assessment questions for threats to business continuity
- Business continuity strategy and solution evaluation items
- Exercise and testing programme review section
- Compliance, non-compliance, and observation columns with space for evidence notes
How to Use This Checklist
- Scope your audit — determine which sites, processes, and recovery plans will be assessed
- Review previous exercises — check test results and open actions from prior audits
- Work through each clause — follow the checklist systematically, gathering evidence at each step
- Verify recovery capabilities — confirm that plans, resources, and communication procedures are adequate
- Record findings and agree actions — classify results and set deadlines for corrective actions