ISO 22301 Lead Auditor

ISO 22301 Lead Auditor Course prepares professionals to plan and conduct audits of Business Continuity Management Systems, assessing BCMS conformity and effectiveness against the requirements of ISO 22301. The training addresses the complete audit process, with a focus on evidence, consistency and professional judgement.

Register
Companies: request a proposal

Quick Access:   Introduction· Why this course exists· What this course enables· Frameworks and standards· Value· Objectives· Target audience· Programme· Exam & Certification· Other information· Benefits· Logistics· Registration

Upcoming dates

Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.

13 May 2026
Live Online • next edition
6 July 2026
Live Online • base price
Duration: 4 days / 40h
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 4h
SPECIALIST LEVEL — advanced competences to address critical challenges in the area.

Why this course exists

To turn ISO 22301 requirements into real, evidence-based auditing aligned with international audit best practices.

Many organisations implement or maintain a BCMS, but struggle when they need to demonstrate conformity, auditable evidence and readiness to respond to internal and external audits. This course prepares professionals to structure an Audit Programme, lead teams and conduct audits of a Business Continuity Management System, with method, consistency and results orientation.

What this course enables you to do

Structure

Design and maintain an audit programme, internal and/or external, aligned with ISO 22301 and audit best practices.

Plan

Prepare and plan audits, including objectives, criteria, scope, team, plan and approach, including Stage 1 and Stage 2 audits.

Conduct

Execute audits using appropriate methods for collecting and verifying evidence, effective communication and team management in real contexts.

Conclude

Record findings and nonconformities, build conclusions, produce reports and manage follow-up, supporting the maintenance of ISO 22301 certification.

Frameworks, standards and best practices addressed throughout the course

ISO 22301
ISO 22300 family
ISO 22313
ISO 19011
ISO/IEC 17021-1
ISO/IEC 17021-6
ISO/IEC 17024
Audit Programme
Stage 1 & Stage 2
BEHAVIOUR methodology — step-by-step

Value for the organisation

  • Greater governance and control capability over the BCMS, with structured internal audits and consistent evidence.
  • Reduced risk of critical nonconformities in external audits, through preparation and method.
  • Continuous improvement based on findings, corrective actions and auditable follow-up.
  • More competent teams to interact with Certification Bodies and support the maintenance of ISO 22301 certification.

Introduction

The ISO 22301 Lead Auditor course is supported by a case study and challenges participants to audit a Business Continuity Management System (BCMS) based on the requirements of ISO 22301 and internationally recognised audit best practices.

In addition to understanding concepts, principles and requirements, the course focuses on the ability to put into practice an ISO 22301 Audit Programme, based on a customised audit methodology proposed by BEHAVIOUR, including the development of resources, templates and tools required to support internal and external audits.

The fundamental knowledge from the Business Continuity 22301 Foundation course is included in this course and, for that reason, participation in or certification at Foundation level is not a prerequisite.

The ISO 22301 Lead Auditor course is updated with the latest published editions of all related best practices, including any preliminary published version where applicable.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of this course, participants will be able to:

  • Understand fundamental business continuity concepts and the main requirements of ISO 22301.
  • Know the correlation of the ISO 22300 family, including ISO 22301, ISO 22313 and relevant practices, legislation and regulation.
  • Understand the ISO 22301 certification process.
  • Understand fundamental audit concepts and principles based on ISO 19011.
  • Establish, implement, maintain and improve an internal audit programme aligned with ISO 22301 and supported by audit best practices.
  • Understand requirements and know how to prepare and plan ISO 22301 audits of a BCMS.
  • Understand roles, including the role of the auditor, competence requirements and communication requirements for successful audits.
  • Conduct internal and external ISO 22301 audits, 1st, 2nd and 3rd party, including Stage 1 and Stage 2.
  • Design and/or implement templates, tools and techniques required to support the audit programme and ISO 22301 audits.
  • Identify and record findings, including nonconformities, establish conclusions and prepare the audit report.
  • Complete an ISO 22301 audit, ensuring follow-up and closure activities.
  • Use the audit process to support ongoing conformity and maintenance of ISO 22301 certification.
  • Acquire the knowledge required to succeed in the “BEHAVIOUR Certified Business Continuity 22301 Lead Auditor” exam.

Target Audience

  • Business Continuity, Information Security and IT consultants and other professionals who need to conduct internal or external audits.
  • Internal auditors who participate in or lead ISO 22301 audits.
  • External auditors, contractors and professionals who wish to work with Certification Bodies in ISO 22301 certification audits.
  • Managers or those responsible for audit functions or departments who wish to consolidate a compliant audit programme.
  • Project managers who lead, or are preparing to lead, an ISO 22301 implementation programme and need to understand audit requirements.
  • Professionals involved in the implementation or operation of a BCMS who wish to understand the audit process in depth.

Prerequisites

There are no mandatory formal prerequisites. However, previous experience or exposure to business continuity, BCMS, audits, risk management, governance and operations is recommended, as well as familiarity with standards and best practices from the ISO 22300 family.

In addition, other specific requirements may apply, where relevant, depending on the quotation or proposal presented.

Programme

Business Continuity, ISO 22301 and related best practices
  • Introduction to the course
  • Business continuity standards, compliance requirements, relevant legislation and regulation
  • Preparation for ISO 22301 certification
  • Business continuity fundamentals
  • Presentation and overview of BCMS requirements (Part 1: Clauses 4 to 7)
BCMS and fundamental audit principles
  • Presentation and overview of BCMS requirements (Part 2: Clauses 8 to 10)
  • Introduction to audit concepts and principles based on ISO 19011
Prepare, plan and initiate the audit; conduct document and on-site audit
  • Internal audit programme
  • Preparation and planning of BCMS audits
  • Communication during the audit
  • Audit planning and initiation
  • Document audit execution (Stage 1)
  • Information synthesis and planning for on-site audit (Stage 2)
  • On-site audit execution (Stage 2)
Conclude on-site activities and close the audit
  • Obtain and verify information: audit methods and testing
  • Identify and record audit findings
  • Prepare audit conclusions
  • Audit closure; prepare and distribute the report
  • Follow-up activities
  • Maintenance of ISO 22301 certification
  • Personal certification and training closure

Exam(s) and Certification

Exam “Certified Business Continuity 22301 Lead Auditor”

The exam covers the following competence domains:

  • Domain 1: Business continuity fundamentals and ISO 22301 requirements
  • Domain 2: Fundamental audit concepts and principles based on ISO 19011
  • Domain 3: Establish and maintain an ISO 22301 internal audit programme
  • Domain 4: Prepare and plan ISO 22301 audit activities
  • Domain 5: Conduct ISO 22301 audit activities
  • Domain 6: Complete and close ISO 22301 audit activities

 

Language(s): Portuguese and English (please consult BEHAVIOUR for availability in other languages).
Duration: 4 hours (240 minutes).
Format: Multiple-choice questions and open questions, based on a main case study and related to the competence domains.
Number of questions: 48 questions.
Pass mark: 700/1000 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 1 year after the initial exam date.

Certification (levels and requirements)

After passing the exam and signing the applicable agreement / Code of Ethics, the candidate may apply for one of three levels, according to experience:

  • Certified Business Continuity 22301 Associate Auditor: no previous experience is required
  • Certified Business Continuity 22301 Auditor: 2 years of experience in business continuity and audits
  • Certified Business Continuity 22301 Lead Auditor: 5 years of experience in business continuity and audits

 

A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying. Certification is issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.

The personal certification programme “Certified Business Continuity 22301 Lead Auditor” is designed and maintained in accordance with ISO/IEC 17024.

Certification programmes are valid only for individuals, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement / Code of Ethics.

If the professional does not comply with the agreement / Code of Ethics, certification is not granted or is revoked.

Other Information

General Information
  • Training available in Portuguese or English.
  • Online training materials available in Portuguese or English, with online access, in accordance with the awarded conditions.
  • Practical step-by-step audit methodology.
  • Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits.
  • Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
  • Digital Certification Diploma and Digital Certification Badge after successfully passing the exam and completing the application process. This registration has no associated cost.
Trainer(s)
The trainers are recognised consultants and auditors, with several years of experience in implementation, auditing and training in business continuity management systems based on BS 25999 and ISO 22301, with a particular focus on standards from the ISO 22300 family, ISO 24762 (Disaster Recovery) and associated standards.

Benefits

View benefits
  • ISO 22301 defines an auditable and certifiable Business Continuity Management System (BCMS), recognised internationally.
  • ISO 22301 supports certification and international recognition, access to markets, operational optimisation and increased trust among clients, partners and regulators.
  • The ISO 22301 Lead Auditor course.is based on the BEHAVIOUR pedagogical model, with a personal certification programme in accordance with ISO/IEC 17024.
  • Audit-oriented course, with a step-by-step process covering audit programme, planning, evidence collection, findings and follow-up.
  • Preparation for internal and external audits, including best practices based on ISO 19011 and requirements applicable to certification audits.
  • Customised methodology that turns knowledge into practice, with tools and techniques applicable in real contexts.
  • Certification exam supervised by an official BEHAVIOUR administrator.
  • Exam with two parts, multiple choice and open scenario/case-study based questions, to measure competences more effectively.
  • After passing the exam and applying for certification, the professional achieves the applicable level. In case of failure, there is a free retake within the period defined in the scheme.

Logistics

Useful information
  • Live Online (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks
  • Classroom (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks
  • 28 hours of synchronous training, distributed across 4 consecutive working days
  • Estimated 12 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside synchronous sessions
  • Requirements: computer with stable internet, browser, PDF reader and audio/video
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to the most common questions about ISO 22301 Lead Auditor course.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Contact name
=

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Request Information

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
Request Proposal

This course may be attended by individual professionals. It may also be integrated into capability-building paths for audit, risk, continuity and control teams that need to assess business continuity management systems with method and evidence.