Page 214 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 214
Project Scope and Planning
As with any formalized business process, the development of a strong
business continuity plan requires the use of a proven methodology.
This requires the following:
Structured analysis of the business’s organization from a crisis
planning point of view
The creation of a BCP team with the approval of senior
management
An assessment of the resources available to participate in business
continuity activities
An analysis of the legal and regulatory landscape that governs an
organization’s response to a catastrophic event
The exact process you use will depend on the size and nature of your
organization and its business. There isn’t a “one-size-fits-all” guide to
business continuity project planning. You should consult with project
planning professionals within your organization and determine the
approach that will work best within your organizational culture.
Business Organization Analysis
One of the first responsibilities of the individuals responsible for
business continuity planning is to perform an analysis of the business
organization to identify all departments and individuals who have a
stake in the BCP process. Here are some areas to consider:
Operational departments that are responsible for the core services
the business provides to its clients
Critical support services, such as the information technology (IT)
department, facilities and maintenance personnel, and other
groups responsible for the upkeep of systems that support the
operational departments
Corporate security teams responsible for physical security, as they
are many times the first responders to an incident and are also
