DRI International BCP Exam Flashcards

Questions and Answers

What is Business Continuity?

A method of risk assessment

A one-time process

An ongoing process to ensure recovery strategies (correct)

Only for IT services

What is Disaster Recovery primarily focused on?

Conducting risk assessments

Re-establishing IT services (correct)

Crisis management

Maintaining business operations

What is Risk Assessment?

The quantification of threats to an organization and the probability of them being realized.

What does Business Impact Analysis identify?

The effects of failing to perform a function or requirement.

What is Recovery Time Objective?

Time goal for the restoration of functions or resources.

What is Recovery Point Objective?

Point to which information must be restored to enable operations.

What is Crisis Management?

The overall coordination of an organization's response to a crisis.

What is Incident Management?

The process by which an organization responds to and controls an incident.

What is Incident Response?

The response of an organization to a significant event impacting its functioning.

What is the Business Continuity Professional's Role?

Establishing the need, obtaining support, and building the framework for a business continuity program.

The scope defines the extent to which a process applies.

True

How often should a risk assessment be conducted?

Annually or as significant changes occur.

What is the primary goal of Business Impact Analysis?

To prioritize functions based on criticality and time sensitivity.

What are the primary objectives of conducting a risk assessment?

To understand the entity's exposure to loss and evaluate the effectiveness of controls.

What do controls in a business continuity context do?

Prevent or mitigate impact exposures/risks.

What is Recovery Point Objective also referred to as?

Maximum data loss.

What is an example of a quantitative impact?

Numbers, percentages, or money.

What information should be presented to leadership to establish the need for business continuity?

Legal and regulatory requirements.

What is one of the last steps in the BIA process?

To prepare a gap analysis.

What should impact determine in the context of backups?

The frequency of backups.

What is the number one emerging supply chain risk?

Cyber attack.

What are the four life safety procedures?

Evacuation, sheltering, shelter-in-place, and lockdown.

Study Notes

Business Continuity Basics

• Business Continuity is an ongoing process to identify potential losses and maintain recovery strategies and service continuity.
• Disaster Recovery focuses on re-establishing IT services following disruptions, including infrastructure and data recovery.
• Risk Assessment quantifies organizational threats and evaluates their probability of occurrence.
• Business Impact Analysis assesses the consequences of not performing specific functions.

Key Concepts in Recovery Planning

• Recovery Time Objective (RTO) defines the time frame for restoring functions after a disruption.
• Recovery Point Objective (RPO) indicates the maximum acceptable data loss in terms of time.
• Crisis Management involves a coordinated response to crises to minimize damage to an organization.
• Incident Management is the organizational response to control incidents via emergency procedures.

Professional Practices in Business Continuity

• Initiate and manage programs by establishing objectives and a supportive structure.
• Importance of leadership in understanding legal responsibilities and commitment to business continuity.
• Regularly conduct risk assessments, ideally annually or with significant organizational changes.

Goals and Strategies

• Identify objectives for business continuity to ensure alignment with organizational benefits.
• Utilize various methods such as forms and interviews for data collection in risk assessment and BIA.
• Controls are crucial for mitigating identified risks, involving processes that reduce exposure to potential threats.

Financial Considerations

• Business interruption insurance covers financial losses due to temporary operational cessation.
• Extra expense insurance aids in maintaining operations after accidents until normalcy is restored.
• Contingent business interruption insurance compensates for losses due to disruptions at a customer or supplier.

Risk Management Insights

• The primary objective of risk assessment is to understand exposure to loss and assess control effectiveness.
• Natural phenomena, technological exposures, and human acts are the top three sources of risk.
• Risk appetite defines the amount of risk an organization is willing to accept at any given moment.

Business Impact Analysis (BIA)

• BIA prioritizes functions based on criticality and determines recovery objectives for core activities.
• The findings of the BIA help identify gaps between actual capabilities and required performance.
• Engaging in gap analysis is one of the concluding steps in the BIA process to address deficiencies.

Emergency Procedures

• Core life safety procedures include evacuation, sheltering, shelter-in-place, and lockdown, crucial during emergencies.

Regulatory Landscape

• Regulations are mandatory and enforced by external agencies, while standards represent best practices and are not mandatory.
• Documentation of reciprocal agreements is essential for external partnerships in business continuity planning.

Description

Test your knowledge on Business Continuity and Disaster Recovery with these flashcards. This quiz will help you understand key terms and definitions essential for the DRI International BCP Examination. Prepare efficiently by reviewing these important concepts.