Which of the following elements of BCP process includes the areas of plan implementation, plan
testing, and ongoing plan maintenance, and also involves defining and documenting the continuity
strategy?
A.
Business continuity plan development
B.
Business impact assessment
C.
Scope and plan initiation
D.
Plan approval and implementation
Explanation:
The business continuity plan development refers to the utilization of the information collected in the
Business Impact Analysis (BIA) for the creation of the recovery strategy plan to support the critical
business functions. The information gathered from the BIA is mapped out to make a strategy for
creating a continuity plan. The business continuity plan development process includes the areas of
plan implementation, plan testing, and ongoing plan maintenance. This phase also consists of
defining and documenting the continuity strategy.
Answer option C is incorrect. The scope and plan initiation process in BCP symbolizes the beginning
of the BCP process. It emphasizes on creating the scope and the additional elements required to
define the parameters of the plan.
The scope and plan initiation phase embodies a check of the company’s operations and support
services. The scope activities include creating a detailed account of the work required, listing the
resources to be used, and defining the management practices to be employed.
Answer option B is incorrect. The business impact assessment is a method used to facilitate business
units to understand the impact of a disruptive event. This phase includes the execution of a
vulnerability assessment. This process makes out the mission-critical areas and business processes
that are important for the survival of business.
It is similar to the risk assessment process. The function of a business impact assessment process is
to create a document, which is used to help and understand what impact a disruptive event would
have on the business.
Answer option D is incorrect. The plan approval and implementation process involves creating
enterprise-wide awareness of the plan, getting the final senior management signoff, and
implementing a maintenance procedure for updating the plan as required.
CISM Review Manual 2010, Contents. “Incident Management and Response”