Chapter 9

Question 1

What is a key consideration for BCP maintenance?

Answer 1

Regular maintenance of the BCP is critical.

Question 2

List some (4) factors that may impact the BCP.

Answer 2

System and software changes,
organization/process changes,
personnel changes, and
supplier changes.

Question 3

What are some lessons learned from testing/exercises?

Answer 3

Issues identified during plan implementation.

Question 4

What should be considered during plan review and risk assessment?

Answer 4

Changes to the external environment.

Question 5

According to the course notes, what is the largest predictor of BCP success or failure?

Answer 5

Commitment of senior management.

Question 6

What term is used to describe a more comprehensive approach to dealing with threats beyond an Emergency Action Plan?

Answer 6

Business Continuity

Question 7

What are the 3 major components of Business Continuity Planning?

De, Te, and Ma…….

Answer 7

• De → Development
• Te → Testing
• Ma → Maintenance

Question 8

What is a key factor in ensuring the continuation of business operations during and after an incident?

Answer 8

Proper team structure and crisis management

Question 9

Why is it important to assign accountability in the readiness phase of a Business Continuity Plan?

Answer 9

To ensure that tasks are properly assigned and carried out

Question 10

What are the five major areas in developing a Business Continuity Plan according to ASIS International?

Re
Im
Va
Ma and
Et

Answer 10

Readiness,
Implementation,
Validation,
Maintenance, and
Ethics

Question 11

What is the recommended frequency for maintaining and updating Business Continuity Plans?

Answer 11

Annually or when changes occur

Question 12

What type of events play a significant role in planning for potential disasters?

Answer 12

Weather and nature-related events

Question 13

In what situations can sheltering in place be invoked according to the text?

Answer 13

Weather events (e.g., snow, flooding) and man-made threats

Question 14

What is the purpose of a Rapid Entry Key Vault in a building?

Answer 14

To provide emergency responders access to essential keys or badges

Question 15

Who is responsible for building the Crisis Management Team for a Business Continuity Plan?

Answer 15

Senior organizational leadership

Question 16

What is the preliminary assessment in the Recovery phase?

Answer 16

Damage and impact assessment.

Question 17

What is included in the assessment of damage in the Recovery phase?

Answer 17

Physical damage and non-physical damage like cyber-attacks.

Question 18

What is the prioritized list in the Recovery phase for business resumption?

Answer 18

Needs……to include critical and remaining processes as per BIA.

Question 19

What signifies the end of a crisis during the Recovery phase?

Answer 19

Return to normal operations.

Question 20

What is included in Phase II of the BCP development process?

Ed
Tr and
Te the BCP

Answer 20

Educating, training, and testing the BCP.

Question 21

What should be part of education and training for personnel?

Answer 21

Key components of the BCP and response plans.

Question 22

Three reasons why testing the plan is important?

Ensure R are M
FW and
I R

Answer 22

To ensure requirements are met,
find weaknesses, and
improve response.

Question 23

What is the purpose of incorporating lessons from previous tests into the BCP?

Answer 23

To enhance future tests and improve the plan’s effectiveness.

Question 24

What roles (5) can participants take during testing?

Answer 24

Facilitator,
Simulator
controller,
observer, or
participants.

Question 25

What 3 things should be done post-completion of a test or exercise? Ev, As based on g, and M BCP if necessary

Answer 25

Evaluate, assessment based on goals, and modify BCP if necessary.

Question 26

When should the BCP be reviewed according to the notes?

Answer 26

Whenever any trigger like risk assessment or incident occurs.

Question 27

What 4 things trigger a review of a BCP? RA IT RR and EE

Answer 27

Risk assessment, industry trends, regulatory requirements, and event exercises.

Question 28

What is the purpose of a Risk Assessment?

Answer 28

To identify and analyze essential personnel, business operations, and potential risks.

Question 29

What 3 things are included in a Business Impact Analysis (BIA)? I of C P, I A (H C, F C, C I), R O

Answer 29

Identification of critical processes, impact assessment (human cost, financial cost, corporate image), recovery objectives.

Question 30

What are the 5 criteria for strategic plans in Business Continuity Management? At Ve C-e H P of S App for org’s S and T

Answer 30

At – Attainable • Ve – Verifiable • C-e – Cost-effective • H P of S – High probability of success • App for org’s S and T – Appropriate for the organization’s size and type.

Question 31

What are 4 key aspects of a Crisis Management Team (CMT) formation? TM chosen based on S and C C M S D-m A, and R for Im

Answer 31

Team members chosen based on skills and commitment, Clear management structure, decision-making authority, responsibility for implementation,

Question 32

What does the Prevention phase of Crisis Management involve…..6 things? Co with Co Po Acc and All of R Mo and Mi st and Su Se

Answer 32

Compliance with corporate policies, accountability and allocation of resources Monitoring and mitigation strategies, and support services.

Question 33

What steps (5) are involved in the Response phase of Crisis Management? As the S D and D a C D C by Sr L N the T E the P promptly

Answer 33

Assess the situation Determine and declare crisis, declare crisis by senior leader, Notify the team, and execute the plan promptly.

Question 34

How important is effective communication in crisis management?

Answer 34

Effective communication is crucial for conveying information quickly, honestly, and coming from the organization first.

Question 35

What is the importance of resource management in crisis response (3 things)? E S P A, A for all I, and A in E

Answer 35

ensures secondary personnel assignments, accounting for all individuals, and arrangements in emergencies.