Page 212 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 212
Planning for Business Continuity
Business continuity planning (BCP) involves assessing the risks to
organizational processes and creating policies, plans, and procedures
to minimize the impact those risks might have on the organization if
they were to occur. BCP is used to maintain the continuous operation
of a business in the event of an emergency situation. The goal of BCP
planners is to implement a combination of policies, procedures, and
processes such that a potentially disruptive event has as little impact
on the business as possible.
BCP focuses on maintaining business operations with reduced or
restricted infrastructure capabilities or resources. As long as the
continuity of the organization’s ability to perform its mission-critical
work tasks is maintained, BCP can be used to manage and restore the
environment.
Business Continuity Planning vs. Disaster Recovery
Planning
CISSP candidates often become confused about the difference
between business continuity planning (BCP) and disaster recovery
planning (DRP). They might try to sequence them in a particular
order or draw firm lines between the two activities. The reality of
the situation is that these lines are blurry in real life and don’t lend
themselves to neat and clean categorization.
The distinction between the two is one of perspective. Both
activities are designed to help prepare an organization for a
disaster. They intend to keep operations running continuously,
when possible, and recover operations as quickly as possible if they
are disrupted. The perspective difference is that business
continuity activities are typically strategically focused at a high
level and center themselves on business processes and operations.
Disaster recovery plans tend to be more tactical in nature and
describe technical activities such as recovery sites, backups, and
