December 15, 2022
CISSP Study Guide: Business Continuity Planning - Project Scope and Planning
December 15, 2022
The Scope and Plan Initiation is the first stage in the creation of a business continuity plan (BCP). It involves drafting the scope for the plan and the other elements needed to define the framework of the plan. This phase should include careful analysis of the organization’s operations and support services as it relates to crisis response and planning. Scope planning can include:
- Creating a detailed account of the work required
- Listing the resources to be used
- Defining the management practices to be employed
Business Organization Analysis
An analysis of the business organization is one of the first action steps for those responsible for business continuity planning. This analysis is used to take stock of all departments and individuals who have a stake in the BCP process. This could include:
- Operational departments that are responsible for business core services
- Critical support services, such as the IT department, plant maintenance department, and other groups responsible for the maintenance of systems that support the operational departments
- Senior staff members responsible for the continued viability of the organization
Business organization analysis is usually executed by individuals leading the BCP effort. A thorough review of the analysis should be a group task of the BCP team.
BCP Team Selection
The BCP team should not exclusively involve the IT and/or security departments. Instead the BCP team should include…
- Members from each of the organization’s departments that manage core services performed by the organization
- Members from the key support departments identified by the organizational analysis
- IT representatives with technical knowledge in topics covered by the BCP
- Security representatives with knowledge of the BCP process
- Legal representatives familiar with corporate legal, regulatory, and contractual responsibilities
- Members from senior management
This assures inclusion of knowledgeable individuals who maintain day-to-day operations of the business and ensure they’re informed about plan specifics before implementation.
Resource Requirements: The Three Phase Process
After the business organization analysis has been performed, the team should turn to examination of resources required by the BCP effort. This involves three phases:
- BCP development, which requires use of resources as the BCP team implements the four elements of the BCP process. A significant resource will be hours and effort invested by members of the BCP team and the support staff.
- BCP testing, training, and maintenance, that will require hardware and software development.
- BCP implementation, which is activated when a disaster occurs and the BCP team elects to perform a full-scale utilization of the business continuity plan. This critical phase will require significant use of resources, including utilization of “hard” resources.
Let's build your cybersecurity career together
Accelerate in your role, prepare for certifications, and develop cutting edge skills with the most in-demand training in the industry.
2,000+learning activities led by highly experienced cybersecurity professionals