CISSP Study Guide: Business Continuity Planning and Disaster Recovery Planning

Natural disasters are a given threat every organization needs to be prepared for. Earthquakes, tornadoes, or manmade disasters such as arson or explosions are incidents that jeopardize the very existence of the organization. Every organization requires business continuity and disaster recovery planning to manage the impact of such disasters.

Business Continuity and Disaster Recovery Planning involve the preparation, testing, and updating of policies and procedures required to protect critical business assets from major disruptions to normal operations. Business Continuity Planning (BCP) involves the assessment of risks to organizational processes and the creation of policies, plans, and procedures to effectively deal with those risks, while Disaster Recovery Planning (DRP) describes the protocol in place for the organization to return to normal operations after a disaster.

The Business Continuity Planning (BCP) Process

The BCP process, as defined by (ISC)2, has five stages:

1. Project Scope and Planning
2. Business Impact Assessment (BIA)
3. Continuity Planning
4. Plan Approval and Implementation
5. Documentation