nerdexam
(ISC)2

CISSP · Question #598

When would an organization review a Business Continuity Management (BCM) system?

The correct answer is D. At planned intervals. A Business Continuity Management (BCM) system is a set of policies, procedures, and plans that aim to ensure the continuity of critical business functions in the event of a disruption or disaster. A BCM system should be reviewed at planned intervals, such as annually or biannuall

Submitted by salim_om· Mar 5, 2026Security and Risk Management

Question

When would an organization review a Business Continuity Management (BCM) system?

Options

  • AWhen major changes occur on systems
  • BWhen personnel changes occur
  • CBefore and after Disaster Recovery (DR) tests
  • DAt planned intervals

How the community answered

(51 responses)
  • B
    2% (1)
  • C
    4% (2)
  • D
    94% (48)

Explanation

A Business Continuity Management (BCM) system is a set of policies, procedures, and plans that aim to ensure the continuity of critical business functions in the event of a disruption or disaster. A BCM system should be reviewed at planned intervals, such as annually or biannually, to ensure its effectiveness, suitability, and alignment with the organization's objectives and needs. Reviewing the BCM system at planned intervals also helps to identify any gaps, weaknesses, or changes that need to be addressed. Reviewing the BCM system only when major changes occur on systems, when personnel changes occur, or before and after Disaster Recovery (DR) tests is not sufficient or consistent enough to maintain a reliable and up-to-date BCM system.

Topics

#BCM lifecycle#Business continuity#Policy review#Governance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice