Passed Exam: Business Continuity Management Based on ISO/IEC 22301


Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

Business continuity management is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. It provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities (Source: ISO 22301:2012).

The International Standard for Business Continuity Management ISO 22301 is a widely respected and referenced standard and provides a framework for the organization and management of a business continuity program. Implementing a program based on this standard will serve an organization well in its goal of meeting the protection of society from, and in response to, incidents, emergencies and disasters caused by intentional and unintentional human acts, natural hazards and technical failures. Its all-hazards perspective covers adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident.

As I started making the shift towards information security and business continuity in my day-to-day job, I decided to study and sit for the ISO/IEC 22301 Business Continuity Management Foundation exam.

I am so happy and grateful now that I passed the ISO 22301 Business Continuity Management System Foundation. I figured that I would share my experience in this blog to help you prepare and tackle this exam successfully.

In this exam, I got 40 questions, and the total time for this exam is only 60 minutes. You have around 1.5 minutes per question, otherwise you will run out of time, so be careful! To pass this exam, you need to answer 26 questions correctly, which reflects a 65% mark. The questions pretty much match the list of skills measured below.

Exam Target Audience

The Certificate EXIN Business Continuity Foundation based on ISO 22301 has been created for those who are involved with or have an interest in the implementation of Business Continuity within their organization. This includes CEOs, CIOs, security officers and quality managers. It is also interesting for operational managers, developers, and technical teams.

The examination for EXIN Business Continuity Foundation based on ISO 22301 is intended for everyone in the organization who is involved in a business continuity program. For example, individuals involved in Business Continuity Management, individuals seeking to gain knowledge about the main processes of Business Continuity Management Systems (BCMS), or individuals interested in pursuing a career in Business Continuity Management, as well as in developing the Business Impact Analysis methodology.

Skills measured on this exam

This exam measures your ability to accomplish the topics listed below based on the latest update from EXIN:

Context of the Organization (20%)

  • The Organization and its Context
  • Business Continuity Management System (BCMS)

Leadership (15%)

  • Management Commitment & Policy
  • Roles & Responsibilities

Planning & Support (15%)

  • Planning
  • Support

Operation (40%)

  • Planning & Control
  • Business Impact Analysis & Risk Assessment
  • Strategy and Procedures

Performance Evaluation and Improvement (10%)

  • Exercising, Testing, Monitoring, Measurement, Analysis and Evaluation
  • Improvement

Lessons Learned and Exam Preparation

The key to passing this exam is to work with Information Security and Business Continuity on a regular basis, and specifically with the ISO 22301 and ISO 27001 standards. Do not take this exam lightly; you need to study really well.

To prepare for this exam, I recommend instructor-led, classroom-based training. You can find a list of accredited training providers here. You can also order the following exam preparation book: Becoming Resilient – The Definitive Guide to ISO 22301 Implementation – The plain English, step-by-step handbook for business continuity practitioners.

Additional reading: International Standard Organization, ISO 22313:2012, Societal security — Business continuity management systems – Guidance, ISO, Geneva, Switzerland, 2012.

If you are planning to take this exam… I wish you all the best and Happy Studying!!!

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-
