CISSP · Question #2
When is a Business Continuity Plan (BCP) considered to be valid?
The correct answer is D. When it has been validated by realistic exercises. A Business Continuity Plan (BCP) is only considered valid when it has been tested and validated through realistic exercises that simulate actual disruption scenarios.
Question
Options
- AWhen it has been validated by the Business Continuity (BC) manager
- BWhen it has been validated by the board of directors
- CWhen it has been validated by all threat scenarios
- DWhen it has been validated by realistic exercises
How the community answered
(40 responses)- A3% (1)
- B3% (1)
- C5% (2)
- D90% (36)
Why each option
A Business Continuity Plan (BCP) is only considered valid when it has been tested and validated through realistic exercises that simulate actual disruption scenarios.
Validation by the BC manager is an administrative approval step, not a functional test of the plan's effectiveness during an actual disruption scenario.
Board of directors approval provides governance and executive sponsorship, but organizational sign-off does not confirm that the plan will work operationally when invoked.
Validating against all possible threat scenarios is neither practical nor achievable, as threat landscapes are constantly evolving and exhaustive scenario coverage is impossible.
A BCP is considered valid only when it has been proven effective through realistic exercises such as tabletop exercises, simulations, or full live drills. These exercises expose gaps, validate recovery time objectives, and confirm that personnel can execute the plan under realistic conditions. Without practical testing, a BCP remains theoretical and unproven regardless of who approved it.
Concept tested: Business Continuity Plan validation through exercises
Source: https://www.iso.org/standard/75106.html
Topics
Community Discussion
No community discussion yet for this question.