Week 10 - Evaluating and Maintaining a BCP

Question 1

When should a BCP be revised? (2)

Answer 1

After any significant changes that can include:

1. Restructuring of the organization
2. Launch of a new product

(Slide 03)

Question 2

Why should a BCP be revised? (3)

Answer 2

1. Complexity of the business service/organization has changed
2. Adoption of new services or assets
3. Provide continued assurance

(Slide 04)

Question 3

Fill in the blank:

Evaluation identifies areas for ___________, _______ or _________ based on ____________ outcomes.

Answer 3

Improvement, Concerns, Weakness, Data-driven

(Slide 05)

Question 4

Fill in the blank:

Assessments are a _________ basis for making __________ (conclusions based on data).

Answer 4

Systematic, Inferences

(Slide 05)

Question 5

What are four methods for evaluating and maintaining a BCP?

Answer 5

1. Reviews
2. Improvements
3. Simulations
4. Testing

(Slide 06)

Question 6

True or False:

Reviews are an assessment or examination of the BCP with the possibility or intention of changing it if necessary. It should seek to identify flaws or vulnerabilities in business processes.

Answer 6

TRUE

(Slide 07)

Question 7

When are improvements more of an effective tool?

Answer 7

After there has been a threat or incident and we have recovered from it.

(Slide 08)

Question 8

What do simulations indicate?

Answer 8

It indicates that we are limited in scope, which means results are not accurate.

(Slide 09)

Question 9

True or False:

Testing applies strategies to check the quality, performance, or reliability of the BCP after putting it into use or practice.

Answer 9

FALSE - Its BEFORE not AFTER

(Slide 10)

Question 10

True or False:

Testing is one of the least effective strategies to enhance BCP.

Answer 10

FALSE - Its MOST not LEAST

(Slide 10)

Question 11

What are seven challenges to to testing BCPs?

Answer 11

1. Difficult to emulate a disaster
2. Testing in comfort zones does not produce a precise result
3. Testers will test what they know works
4. Lack of resources, executive support or organizational engagement
5. Insufficient tools and technology
6. Lack of routine testing
7. Inability to monitor the program

(Slides 18-20)

Question 12

What is meant by “Testing in comfort zones does not produce a precise result”? (2)

Answer 12

It is very easy to test a plan under ideal circumstances.

The indications will never reflect true disaster recovery capabilities.

(Slide 18)

Question 13

Explain how “testers will test what they know works” is a challenge of testing BCPs. (3)

Answer 13

It is difficult to examine or test areas that would only be vulnerable under moments of disasters

Limited scope of testing

Fails to challenge areas in which organizations are uncomfortable.

(Slide 19)

Question 14

Is an Audit a form of assessment or evaluation?

Answer 14

Evaluation

(Slide 22)

Question 15

What is meant by audit?

Answer 15

It is a formalized method for evaluating how business continuity processes are being managed.

(Slide 23)

Question 16

What is the goal of an audit?

Answer 16

To determine whether the plan is effective and in line with the organization’s objectives.

(Slide 24)

Question 17

What is the objective of an audit? (2)

Answer 17

To ensure critical tasks such as limiting downtime during a business interruption, protecting personnel in the event of a disaster, minimizing financial losses due to a disruptive incident and restoring critical business functions and infrastructure following an incident.

With a BCP audit, the main goal is to ensure that the plan is up to completing these critical tasks.