BCP Process steps
Hi
The different books eventually confuse you instead of clearing your mind, get to the point and the comments are all yours.
The BCP process is analyzed totally different on three different books
Official ISC2 Guide
- Project Initiation and Management
- Develop and Document Project Scope and Plan
- Conducting the Business Impact Analysis (BIA)
- Identify and Prioritize
- Assess Exposure to Outages
- Recovery Point Objectives (RPO)
Sybex
- Project scope and planning
- Business impact assessment
- Continuity planning
- Approval and implementation
AIO
- Develop the continuity planning
- Conduct the BIA
- Identify preventive control
- develop recovery strategy
- Develop the contigency plan
- test the plan and conduct training
- Maintain the plan
Which one do you think to choose
The different books eventually confuse you instead of clearing your mind, get to the point and the comments are all yours.
The BCP process is analyzed totally different on three different books
Official ISC2 Guide
- Project Initiation and Management
- Develop and Document Project Scope and Plan
- Conducting the Business Impact Analysis (BIA)
- Identify and Prioritize
- Assess Exposure to Outages
- Recovery Point Objectives (RPO)
Sybex
- Project scope and planning
- Business impact assessment
- Continuity planning
- Approval and implementation
AIO
- Develop the continuity planning
- Conduct the BIA
- Identify preventive control
- develop recovery strategy
- Develop the contigency plan
- test the plan and conduct training
- Maintain the plan
Which one do you think to choose

Comments
I have also noticed some differences beween the various books, and I would love to see the responses for this
Ty
https://www.cybrary.it/video/part-14-bcp-intro/
CISSP Study Guide 3rd edition by Eric Conrad
Chapter 8 : Domain 7 Security OPerations
page 394
DEVELOPING A BCP/DRP
points to
NIST SP800-34
* Project Initiation
* Scope the Project
* Business Impact Analysis
* Recovery Strategy
* Plan Design and Development
* Implementation, Training, and Testing
* BCP/DRP Maintenance
NIST SP800-34
Contingency Planning Guide for
Federal Information Systems
the link referenced in this book is
http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf
but the link above states the publication has been moved to:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
& sadly, well... reviewing SP800-34 did not clear much up....
sorry if this just fueled the fire but wanted to source this question in my current book
I *just* got done listening to Kelly's take on BCP on Cybrary...how funny is that
:: Project Initiation
:: Business Impact Analysis
:: Recovery Strategy
:: Plan Design and Development
:: Implementation
:: Testing
:: Maintenance
Keep in mind that BIA always stands out when you talk Biz Con.
::Claudia
When someone is performing disaster recovery means, recovery at the disaster site or bringing the business up at an alternate site?
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
Most things happening at the disaster site is Disaster Recovery. If you are bringing the business up at an alternate site, regardless of what type of backup site it is, that is Business Continuity.
Business Continuity = enabling the business to run while recovering from a disaster.
jt2929
This kind of explanation I was looking for. Thanks a lot for clarifying.
Business Continuity Planning
· Created to prevent interruptions to normal business activity
· Protect critical business process from man made and natural disasters
· Minimize the effect and all resumption of business process
Key difference between BCP and DRP
· DRP addresses the procedures to be followed during and after the loss.
In addition, I remember hearing that DRP is more geared to getting I.T system up and running.