Jacek Knopik with AW ISO 22301 certification

We are pleased to inform you that our colleague Jacek Knopik is one of the first to obtain the AW ISO 22301 certification – a certification accredited by the Polish Centre for Accreditation. As a result, he has become a certified lead auditor for the business continuity management system, authorized to conduct audits in accordance with the National Cybersecurity System Act.

On November 28, 2023, we received a positive decision regarding the extension of accreditation for Jacek Knopik from PBSG to include a new scope – lead auditor for the business continuity management system according to the PN-EN ISO 22301 standard. The AW ISO 22301 certificate was awarded by the first accredited body in Poland – the Polish Centre for Accreditation. It is one of the first certificates issued in the country, meaning that our colleague is part of a small group of certified auditors.

In accordance with the Regulation of the Minister of Digital Affairs of October 12, 2018, the PN-EN ISO 22301 certification authorizes the holder to conduct audits within the meaning of Article 15 of the Act of July 5, 2018, on the National Cybersecurity System. To obtain this certification, one must meet the requirements allowing participation in the exam and issuance of the certificate, as well as complete a 40-hour training course.

Who is a lead auditor for the business continuity management system?

The definition of a lead auditor for the business continuity management system (BCMS) is provided by the certification program “W17/CD. Guidelines by TÜV NORD Polska for the certification of personnel in the field of business continuity management system. Lead Auditor for the Business Continuity Management System according to the PN-EN ISO 22301 standard” (new version: edition 2, October 2023). According to this, a lead auditor is “an individual possessing the knowledge and competencies to perform tasks that allow for the assessment of compliance with the requirements of the management system according to the applicable PN-EN ISO 22301 standard.”

The above document specifies the required knowledge, job description, and tasks of a lead auditor for the BCMS. The list includes the fundamentals of systemic business continuity management, as well as knowledge of the PN-EN ISO 22301 standard, including management principles according to the PDCA model. Furthermore, the auditor should demonstrate competencies in operational activities (including business impact analysis, BIA) and know how to properly and effectively conduct an audit according to ISO 19011 and PN-EN ISO 22301, including collecting audit evidence, preparing documentation and findings, and organizing opening and closing meetings.

A few words about our expert:

Jacek Knopik has been working at PBSG since 2017. He is involved in the implementation and development of the erisk risk management tool. As an expert and practitioner in risk management, he skillfully bridges the world of IT with legal and regulatory requirements. He has led numerous projects related to risk management, business continuity, information security, and cybersecurity. He possesses invaluable experience and knowledge, which he shares as a university lecturer.
