
Passed Exam: Business Continuity Management Based on ISO/IEC 22301


The increase in cyber security issues in the press seems relentless. Organizational leaders in all types of industries are looking for capable security managers to navigate them safely through the dangers of this highly connected world.

In this article, we will share with you how to prepare and pass the Business Continuity Management exam based on ISO/IEC 22301.


Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

Business continuity management is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. It provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities (Source: ISO 22301:2012).

The International Standard for Business Continuity Management, ISO 22301, is a widely respected and referenced standard that provides a framework for the organization and management of a business continuity program. Implementing a program based on this standard will serve an organization well in its goal of protecting society from, and responding to, incidents, emergencies, and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures. Its all-hazards perspective covers adaptive, proactive, and reactive strategies in all phases: before, during, and after a disruptive incident.

As I started making the shift towards information security and business continuity in my day-to-day job, I decided to study and sit for the ISO/IEC 22301 Business Continuity Management Foundation exam.

I am so happy and grateful now that I passed the ISO 22301 Business Continuity Management System Foundation. I figured that I would share my experience in this blog to help you prepare and tackle this exam successfully.

In this exam, I got 40 questions, and the total time for this exam is only 60 minutes. You have around 1.5 minutes to answer each question; otherwise, you will run out of time, so be careful! To pass this exam, you need to answer 26 questions correctly, which reflects a 65% mark. The questions do pretty much match the list of skills measured below.

Exam Target Audience

The EXIN Business Continuity Foundation certificate based on ISO 22301 has been created for those who are involved with or have an interest in the implementation of Business Continuity within their organization. This includes CEOs, CIOs, security officers, and quality managers. It is also interesting for operational managers, developers, and technical teams.

The examination for EXIN Business Continuity Foundation based on ISO 22301 is intended for everyone in the organization who is involved in the business continuity program. This includes, for example, individuals involved in Business Continuity Management, individuals seeking to gain knowledge about the main processes of Business Continuity Management Systems (BCMS), and individuals interested in pursuing a career in Business Continuity Management or in developing the Business Impact Analysis (BIA) methodology.

Skills measured on this exam

This exam measures your ability to accomplish the topics listed below based on the latest update from EXIN:

Context of the Organization (20%)

  • The Organization and its Context
  • Business Continuity Management System (BCMS)

Leadership (15%)

  • Management Commitment & Policy
  • Roles & Responsibilities

Planning & Support (15%)

  • Planning
  • Support

Operation (40%)

  • Planning & Control
  • Business Impact Analysis & Risk Assessment
  • Strategy and Procedures

Performance Evaluation and Improvement (10%)

  • Exercising, Testing, Monitoring, Measurement, Analysis, and Evaluation
  • Improvement

Lessons Learned and Exam Preparation

The key to passing this exam is to work with Information Security and Business Continuity on a regular basis, and specifically with the ISO 22301 and ISO 27001 standards. Do not take this exam lightly; you need to study really well.

To prepare for this exam, I recommend instructor-led, classroom-based training. You can find a list of accredited training providers here. You can also order the following exam preparation book: Becoming Resilient – The Definitive Guide to ISO 22301 Implementation – Plain English, step-by-step handbook for business continuity practitioners.

Additional reading: International Standard Organization, ISO 22313:2012, Societal security – Business continuity management systems – Guidance, ISO, Geneva, Switzerland, 2012.

If you are planning to take this exam… I wish you all the best and Happy Studying!!!


Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.
