Syllabus of the

CBCI Certification Course

Leading to the

CBCI Certification

Version 1.0 – June 2018

Note – This document has been prepared by

Continuity & Resilience

Page 1 of 13
 COURSE DESCRIPTION:

The CBCI Certification Course has been revised to ensure that all the methodologies taught in this course
are fully aligned to the Good Practice Guidelines (GPG) 2018, the independent body of knowledge for
good Business Continuity (BC) practice.

Based on current global thinking in BC, the course has also been aligned to ISO 22301:2012, the
international standard for Business Continuity Management (BCM) to ensure its international relevance
and global applicability.

The course offers a solid description of the methods, techniques and approaches used by BC
professionals worldwide to develop, implement and maintain an effective BCM programme, as
described in GPG 2018.

This training course is intended to meet the current and future technical and professional needs of BC
professionals working in organizations of any type and size, in any industry or sector worldwide.

The course is designed to be run in 3, 4 or 5 days and also entitles you to 24, 32 or 40 CPE credits.

Learning Objectives:
• Teaches you not just the ‘what’ but also the ‘why’, ‘how’ and ‘when’ of good BC practice
• Equips you with the knowledge and understanding you require to be able to practise BC in line
with GPG 2018
• Prepares you for the Certificate of the BCI Examination, which leads to an internationally
recognised credential and post-nominal designation in BC (CBCI), and is the launching pad for
Statutory Membership of the BCI
• Provides practical insights to good BC practice and expertise by learning from some of the best
BC professionals in the industry
• Meets the current and future needs of BC professionals worldwide

Who should attend:

• Full-time or part-time Business Continuity Professionals interested in learning more about
Global BCM Best Practices
• Auditors wanting to gain an in-depth understanding of BCM
• Professionals from BCM-related domains such as Crisis and Risk Management, Emergency
Planning, Information Security, Operations, Facilities, Administration, HR, Legal and Compliance
• Those who are looking to progress through the various levels of BCI membership (MBCI etc)
• Those keen to take full advantage of the member resources on the BCI website
(www.thebci.org)

Page 2 of 13
MODULE ONE – PP1 Policy and Programme Management

LEARNING OBJECTIVES:

• Describe the stage of the BCM lifecycle

• Explain how to create or revise a BC Policy

• Define the scope of the BC Programme

• Describe the approach to establishing governance of the BC Programme

• Understand the process of the assigning roles and responsibilities within the BC Programme

• Describe the activities that make up the BC Programme and explain how to the programme
can be managed and implemented effectively

CONTENT

1. The BCM Lifecycle

2. Introduction to policy and programme management

3. The Business continuity policy

4. What does the BC policy do?

5. What to include in a business continuity policy

6. How to develop a business continuity policy

7. Reviewing an existing business continuity policy

8. Policy review checklist

9. Defining the scope of the BC Programme

10. Level of disruption

11. The process to determine scope

12. Products and services inclusion and exclusion

Page 3 of 13
13. Defining the programme scope outcome

14. Establishing governance

15. Establishing governance requires

16. Leadership and commitment

17. Good governance checklist

18. Assigning roles and responsibilities

19. Roles and Responsibilities requirements

20. The Business Continuity Programme

21. The Importance of documentation in a BC programme

22. Developing, Implementing and Managing a BC Programme

23. Knowledge Check

Page 4 of 13
MODULE TWO – PP2 Embedding

LEARNING OBJECTIVES

• Understand and influence organizational culture for successful embedding of business

continuity

• Define the competencies and skills requirements for those involved in business continuity

• Coordinate training and awareness activities as part of embedding business continuity

CONTENT

1. Introduction of the embedding business continuity

2. Embedding business continuity

3. Understanding and Influencing organizational culture

4. Embedding Goals

5. Understanding and influencing culture to embed BC

6. Examples of different types of a groups present within an organization

7. Embedding method to consider

8. Ongoing awareness raising

9. Competencies and skills

10. Core competencies and general skills

11. Measuring and maintaining competence

12. Competence and skills process

13. Training and awareness

14. Information resources

15. Outcomes of embedding BC

Page 5 of 13
16. Knowledge check

Page 6 of 13
MODULE THREE – PP3 Analysis

LEARNING OBJECTIVES

• Describe the purpose and importance of the business impact analysis (BIA)

• Explain the different types of BIA and the associated activates

• Undertake a BIA

• Understand the risk and threat assessment as part of the BC programme

CONTENT

1. Introduction to analysis

2. The BIA Goal

3. Products and services

4. A Process

5. An activity

6. The maximum tolerable period of disruption ( MTPD )

7. The recovery time objective (RTO)

8. The recovery point objective (RPO)

9. The issue of time

10. The BIA Process summarized

11. BIA Methods

12. The minimum level of capability

13. BIA outcomes

14. The initial BIA

15. The initial BIA Process

Page 7 of 13
16. The outcomes of an initial BIA

17. The product and service BIA

18. The product and service BIA process

19. The outcome of a product and service BIA

20. The process BIA

21. The outcome of a process BIA

22. The activity BIA

23. The outcome of an activity BIA

24. Risk and threat assessment

25. Risk and threats

26. Horizon scanning

27. Information sources

28. Outcome of a risk and threat assessment

29. Final analysis

30. Knowledge check

Page 8 of 13
MODULE FOUR – PP4 Design

LEARNING OBJECTIVES

• Describe the approach to designing BC solutions

• Describe the different types of BC solutions

• Understand the resource requirements for BC solutions

• Define the purpose of evaluating, and risk and threat mitigation measures

CONTENT

1. Introduction of design

2. Designing BC Solutions

3. BC Solutions

4. The BC Solution design process

5. Recourse requirement examples for BC Solution

6. Recourse requirement examples for BC Solution – further considerations

7. Consolidation of BC solutions

8. Outcomes of BC solutions

9. Risk and threat mitigation measures

10. Evaluating risk and threat mitigation measures

11. Evaluation methods

12. Examples of mitigation measures

13. Managing supply chain risk

14. Knowledge Check

MODULE FIVE – PP5 Implementation

Page 9 of 13
LEARNING OBJECTIVES

• Describe the purpose of establishing an effective response structure

• Develop and manage a business continuity plan (BCP.

• Understand the key characteristics of strategic, tactical and operational – level plans

CONTENT

1. Implementing BCPs requires:

2. Response structure

3. Response structure identifies:

4. Types of disruption

5. An effective response structure includes:

6. Process of developing a response structure

7. Response structure teams

8. Level of response

9. Outcomes from establishing a response structure

10. Responsibilities of individuals and teams

11. Developing and managing plans

12. Plain should contain

13. Process of developing and managing plans

14. Strategic plan

15. Strategic – level team responsibilities

16. Communication plans

17. Commination and media liaison

Page 10 of 13
18. Strategic planning outcome

19. Tactical plans

20. Tactical – level team responsibilities

21. Tactical – level plans

22. Suppliers and business partners

23. Emergency service liaison

24. Outcome of Tactical – level planning

25. Operational plans

26. Operational - level planning outcome

27. Knowledge check

Page 11 of 13
MODULE SIX –PP6 Validation

LEARNING OBJECTIVES

• Explain the purpose and process of developing an exercise programme

• Identify different types of exercises and differentiate between them in terms of scale and
complexity

• Develop, run and evaluate an exercise

• Assess the maintenance activities required within the BC programme

• Define the purpose and describe the process and outcomes of the various methods of review
of the BC programme

CONTENT

1. Introduction to validation

2. Developing an exercise programme

3. Exercising aims to :

4. The exercise programme should exercise the following elements:

5. Exercise types

6. Outcome from developing an exercise programme

7. Developing an exercise

8. Exercise development process

9. Planning the exercise

10. Outcomes of developing and delivering exercises

11. Maintenance

12. Maintenance - the process

13. Maintenance methods

Page 12 of 13
14. Outcomes and review

15. Review

16. Audit

17. Self-assessment

18. Quality assurance

19. Performance appraisal

20. Supplier performance

21. Management review

22. Knowledge Check

Page 13 of 13