9.2 Internal audit

Entry 9.2 requires the organization to conduct regular internal audits of its business continuity management system to verify compliance with ISO 22301, assess the effectiveness of processes, and identify areas for improvement. Audits must be planned, documented, and results communicated to relevant personnel, with corrective actions taken to address any non-conformities found. The audit program should cover all elements of the BCMS and be reviewed periodically for adequacy.