How often should a Business Continuity Plan be reviewed?

How often should a Business Continuity Plan be reviewed?

How often should a Business Continuity Plan be reviewed?

A.
At least once a month

B.
At least every six months

C.
At least once a year

D.
At least Quarterly

Explanation:
As stated in SP 800-34 Rev. 1: To be effective, the plan must be maintained in a ready state that accurately
reflects system requirements, procedures, organizational structure, and policies. During the Operation/
Maintenance phase of the SDLC, information systems undergo frequent changes because of shifting business
needs, technology upgrades, or new internal or external policies. As a general rule, the plan should be reviewed
for accuracy and completeness at an organization-defined frequency (at least once a year for the purpose of
the exam) or whenever significant changes occur to any element of the plan. Certain elements, such as contact
lists, will require more frequent reviews. Remember, there could be two good answers as specified above.
Either once a year or whenever significant changes occur to the plan. You will of course get only one of the two
presented within your exam.
NIST SP 800-34 Revision 1



Leave a Reply 0

Your email address will not be published. Required fields are marked *