nerdexam
(ISC)2

CISSP · Question #2

When is a Business Continuity Plan (BCP) considered to be valid?

The correct answer is D. When it has been validated by realistic exercises. A Business Continuity Plan (BCP) is only considered valid when it has been tested and validated through realistic exercises that simulate actual disruption scenarios.

Submitted by asante_acc· Mar 5, 2026Governance, Risk, and Compliance

Question

When is a Business Continuity Plan (BCP) considered to be valid?

Options

  • AWhen it has been validated by the Business Continuity (BC) manager
  • BWhen it has been validated by the board of directors
  • CWhen it has been validated by all threat scenarios
  • DWhen it has been validated by realistic exercises

How the community answered

(40 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    5% (2)
  • D
    90% (36)

Why each option

A Business Continuity Plan (BCP) is only considered valid when it has been tested and validated through realistic exercises that simulate actual disruption scenarios.

AWhen it has been validated by the Business Continuity (BC) manager

Validation by the BC manager is an administrative approval step, not a functional test of the plan's effectiveness during an actual disruption scenario.

BWhen it has been validated by the board of directors

Board of directors approval provides governance and executive sponsorship, but organizational sign-off does not confirm that the plan will work operationally when invoked.

CWhen it has been validated by all threat scenarios

Validating against all possible threat scenarios is neither practical nor achievable, as threat landscapes are constantly evolving and exhaustive scenario coverage is impossible.

DWhen it has been validated by realistic exercisesCorrect

A BCP is considered valid only when it has been proven effective through realistic exercises such as tabletop exercises, simulations, or full live drills. These exercises expose gaps, validate recovery time objectives, and confirm that personnel can execute the plan under realistic conditions. Without practical testing, a BCP remains theoretical and unproven regardless of who approved it.

Concept tested: Business Continuity Plan validation through exercises

Source: https://www.iso.org/standard/75106.html

Topics

#BCP validation#DRP testing#disaster recovery exercises#business continuity

Community Discussion

No community discussion yet for this question.

Full CISSP Practice