BCP Process steps

misthe Member Posts: 26 ■■■□□□□□□□

The different books eventually confuse you instead of clearing your mind. Get to the point, and the comments are all yours.
The BCP process is analyzed totally differently in three different books.

Official ISC2 Guide
- Project Initiation and Management
- Develop and Document Project Scope and Plan
- Conducting the Business Impact Analysis (BIA)
- Identify and Prioritize
- Assess Exposure to Outages
- Recovery Point Objectives (RPO)
- Project scope and planning
- Business impact assessment
- Continuity planning
- Approval and implementation
- Develop the continuity planning
- Conduct the BIA
- Identify preventive control
- Develop recovery strategy
- Develop the contingency plan
- Test the plan and conduct training
- Maintain the plan

Which one do you think to choose :)


  • Roxton Member Posts: 17 ■□□□□□□□□□

    I have also noticed some differences between the various books, and I would love to see the responses for this.

  • mkohi Member Posts: 49 ■■□□□□□□□□
    This is helpful but I would also like to hear user inputs.

  • Roxton Member Posts: 17 ■□□□□□□□□□
    I am no expert, but I have been doing some digging and I think (I stand under correction) the NIST 800-34 is more or less the correct steps. Will need to probably wait for someone that actually knows, I guess.
  • coffeeisgood Member Posts: 136 ■■■□□□□□□□
    there is another source

    CISSP Study Guide 3rd edition by Eric Conrad
    Chapter 8: Domain 7 Security Operations
    page 394

    points to
    NIST SP800-34

    * Project Initiation
    * Scope the Project
    * Business Impact Analysis
    * Recovery Strategy
    * Plan Design and Development
    * Implementation, Training, and Testing
    * BCP/DRP Maintenance

    NIST SP800-34
    Contingency Planning Guide for
    Federal Information Systems

    the link referenced in this book is

    but the link above states the publication has been moved to:


    & sadly, well... reviewing SP800-34 did not clear much up....
    sorry if this just fueled the fire but wanted to source this question in my current book
  • webpriestess Member Posts: 82 ■■□□□□□□□□
    I have to concur with my friend coffee...stick with the NIST.

    I *just* got done listening to Kelly's take on BCP on Cybrary...how funny is that :) Here is exactly what's on her slide (very similar to NIST):

    :: Project Initiation
    :: Business Impact Analysis
    :: Recovery Strategy
    :: Plan Design and Development
    :: Implementation
    :: Testing
    :: Maintenance

    Keep in mind that BIA always stands out when you talk Biz Con.

  • harrym1 Member Posts: 27 ■□□□□□□□□□
    Can anyone shed some light on this please?

    When someone is performing disaster recovery, does that mean recovery at the disaster site or bringing the business up at an alternate site?
  • p@r0tuXus Member Posts: 532 ■■■■□□□□□□
    Remembering from my Sec+ training, there are hot/warm/cold backup sites. Just depends on the BCP to determine which site is used. Also, after reading these posts, I can see a lot of similarity in the list from start to finish. Some of it may arbitrarily come before other points, but the flow seems natural. Prepare, observe, plan, develop, implement, test, train, maintain.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    I think Kelly should write a CISSP book :)
  • jt2929 Member Posts: 244 ■■■□□□□□□□
    harrym1 wrote: »
    Can anyone shed some light on this please?

    When someone is performing disaster recovery, does that mean recovery at the disaster site or bringing the business up at an alternate site?

    Most things happening at the disaster site are Disaster Recovery. If you are bringing the business up at an alternate site, regardless of what type of backup site it is, that is Business Continuity.

    Business Continuity = enabling the business to run while recovering from a disaster.
  • harrym1 Member Posts: 27 ■□□□□□□□□□
    Thanks to all for the reply.

    This is the kind of explanation I was looking for. Thanks a lot for clarifying.

  • Sirkassad Member Posts: 43 ■■■□□□□□□□
    For what it's worth, I came across these flashcards:

    Business Continuity Planning
    · Created to prevent interruptions to normal business activity
    · Protect critical business process from man-made and natural disasters
    · Minimize the effect and allow resumption of business process

    Key difference between BCP and DRP
    · DRP addresses the procedures to be followed during and after the loss.

    In addition, I remember hearing that DRP is more geared to getting I.T. systems up and running.