A.  

To ensure that only minimum information is shared with personnel and other interested parties

B.  

To ensure that the correct specialist jargon and acronyms are being used consistently across the organization

C.  

To ensure that it sets out points in a way that is straightforward and engaging for staff involved in implementing Business Continuity (BC) in the organization

D.  

To act as an accessible summary document to support the actions detailed in the Business Continuity Management System (BCMS)

A.  

Business Continuity is part of the organization's strategic planning and is reviewed regularly

B.  

The organization's health and safety risk assessments are recorded as required

C.  

The organization maintains full compliance with legal and regulatory requirements

D.  

The organization's Business Continuity operational plans are kept up to date

A.  

The advantages and disadvantages of the proposed solution

B.  

The type of exercises to be conducted to validate the strategies and solutions

C.  

The estimated costs to prepare, implement, operate and maintain the solution

D.  

The implementation time required

A.  

Enforcing regular BC activities such as attendance at briefings or training

B.  

Establishing a system where BC is seen only as a corporate mandate driven by policy

C.  

Allocating additional responsibilities and objectives related to BC roles to existing workloads

D.  

Establishing BC as a culture underpinned by personal beliefs and corporate behaviours

A.  

Scenario exercise

B.  

Test

C.  

Discussion-based exercise

D.  

Simulation

A.  

Measure capabilities to deliver the solutions by carrying out a gap analysis

B.  

Create guidance documents that detail response activities and procedures that specific teams need to follow

C.  

Establish and implement a strategy to ensure that business objectives are aligned to the agreed solutions

D.  

Carry out a review of the Business Continuity policy to ensure that it is updated with the detail of the agreed solutions

A.  

Review

B.  

Gap analysis

C.  

Maintenance

D.  

Internal audit

A.  

Holding annual assessments of Business Continuity knowledge and understanding and setting minimum pass standards which personnel must meet

B.  

Making it a disciplinary offence for personnel to miss relevant Business Continuity meetings and training events

C.  

Including Business Continuity as part of the introduction to meetings and events in order to strengthen and maintain the relationship between personnel and the organization

D.  

Providing updates on Business Continuity activities via the intranet which personnel can find and read if they are interested

A.  

Be put in place as part of the outcome of the Business Impact Analysis (BIA) and the associated solutions design

B.  

Follow the same framework of activities each year so that progress can be compared over time

C.  

Be reviewed regularly at pre-defined intervals or following significant change

D.  

Reflect trends in customer concerns and feedback from stakeholders

A.  

Identify a strategy to close the existing gaps

B.  

Design and select solutions to deliver strategies and close gaps

C.  

Assess whether or not current capabilities are sufficient to meet the Business Continuity (BC) requirements

D.  

Develop a risk mitigation strategy to address any identified single points of failure

A.  

Breach of legal or regulatory obligations

B.  

Damage to reputation

C.  

Threats that could cause disruption

D.  

Failure to meet business objectives

A.  

Business Continuity Management System (BCMS)

B.  

Emergency Response Strategy

C.  

Culture

D.  

Crisis Communication plan

A.  

Delivering performance targets

B.  

Timely production of quality assurance audit trails

C.  

Compliance with regulatory requirements

D.  

Ensuring that communication protocols are observed

A.  

A single method should be applied consistently regardless of roles and responsibilities

B.  

A separate, independent department should be established to oversee the process and summarise results

C.  

Measurement methods should be designed into day-to-day operations or Business Continuity (BC) activities

D.  

Personnel should be advised that performance will be judged and action taken if attitudes are unsatisfactory

A.  

A risk assessment

B.  

An exercise

C.  

A Business Impact Analysis (BIA)

D.  

A meeting with owners of product and services activities

A.  

Acceptable levels of risk

B.  

All threats to an organization

C.  

Unacceptable levels of risk

D.  

Selected risks to the organization

A.  

Personnel working from home

B.  

Repurposing other work areas and facilities

C.  

Ordering, delivering and installing replacement equipment

D.  

Rebuilding and reconnecting utility feeds

A.  

The development of training material including all relevant information and procedures so that this can be made available when required

B.  

Links to social media so the organization can run an extensive recruitment campaign both inside and outside the organization if a disruptive event occurs

C.  

Recruitment of additional personnel so that the organization always has access to surplus staff in case of an incident occurring

D.  

Induction and training by an operational manager at the time when the disruption is underway so that individuals can build understanding and confidence prior to commencing the allocated tasks

A.  

Financial value of the product or service to the organization

B.  

Consultation with, and feedback from, the organization's staff

C.  

How quickly and easily the product or service can be incorporated into the BCMS

D.  

Comparative approaches to the product or service taken by business competitors

A.  

The availability of key information when required

B.  

The design and effectiveness of the business impact analysis process

C.  

The effectiveness and usability of relevant procedures

D.  

The reliability of systems and equipment

A.  

Embedding is focused on mandating and enforcing compliance whereas embracing is aimed at creating a greater understanding of the reason why BC is needed through cultural change

B.  

Embedding is mandated by top management within the BCMS whereas embracing is designed and implemented by operational teams

C.  

Embedding is only relevant for organizations that are new to BC whereas embracing should only be undertaken in organizations with well-established BCMS

D.  

Embedding relies on commitment from personnel whereas embracing is mandated and incorporates strict discipline

A.  

Unlimited access to financial resources during a disruption

B.  

Knowledge of when key suppliers and external stakeholders should be notified and included in the response

C.  

Flexibility to change policies and procedures during a disruption without consulting top management

D.  

Personnel in place to assess and measure the performance of responders during a disruption

A.  

A situation where personnel follow procedures as set out by the organization but do not have a sense of ownership.

B.  

A situation where Business Continuity (BC) professionals have significant influence in the organization and specify all actions to be taken and carry out all reviews as needed.

C.  

A situation where all staff have a shared understanding of Business Continuity (BC) and everyone is involved.

D.  

A situation where the workforce is sufficiently committed to Business Continuity (BC) that top management does not get involved.

A.  

Confirmation of how well Business Continuity is incorporated into the tasks pertaining to the Business Continuity Management System (BCMS)

B.  

Confirmation that personnel are familiar with their roles, and authority in response to an incident

C.  

Increased understanding of the requirements set out in the Activities Business Impact Analysis (BIA)

D.  

Validation of the Business Continuity Management System (BCMS) against standards, regulations and legislation

A.  

The outcomes of an organization's risk assessment to determine which part of the organization is at greatest risk

B.  

The scope of the Business Continuity Management System (BCMS)

C.  

The outcomes of a gap analysis to identify where there is greatest need for Business Continuity capability to be improved

D.  

Consultation with internal and external stakeholders on the extent of analysis that is required

A.  

The timeframe within the Maximum Tolerable Period of Disruption (MTPD) during which a product, service or activity must be suspended to avoid adverse impacts on customers

B.  

The timeframe within the Maximum Tolerable Period of Disruption (MTPD) for resuming disrupted activities at a specified minimum acceptable capacity

C.  

The period of time following a disruption during which a product, service or activity must be suspended while resources are recovered and operating standards are re-established

D.  

The point at which all products, services and activities must be fully resumed following a disruption

A.  

Meeting arrangements should be stated in plans that are made available to all team members

B.  

At least two meeting locations should be stated with the team leader deciding which to use at the time of the incident

C.  

Meetings must always take place in a physical rather than virtual location

D.  

A continuously available and stable power supply should be available to meeting locations

A.  

The budget required for the exercise

B.  

The teams that will be required to participate

C.  

The plausibility of the storyline to be used for the scenario

D.  

The arrangements for external communications after the exercise has been completed

A.  

Develop a project risk register and carry out appropriate risk assessments in the workplace

B.  

Ensure that there is ongoing commitment across all organizational functions and levels

C.  

Commission research into approaches taken by organizations

D.  

Enable the Business Continuity professional to establish their authority and issue instructions on the actions that need to be taken

A.  

To provide the foundation for further development, effective operation, support and continual improvement

B.  

To monitor and review BC training programmes regularly to ensure that any skills gaps identified by the gap analysis are being addressed

C.  

To ensure that different parts of the organization can take independent approaches to reflect their preferences and timelines

D.  

To align the governance of the BCMS with the structure of the organization's business sector

A.  

Improved teamwork and competency of recovery team members

B.  

Verification that the expected Recovery Time Objectives (RTOs) can be achieved

C.  

Identification of outdated information in the Business Continuity (BC) plans and areas for improvement

D.  

Design of additional Business Continuity (BC) policies and solutions

A.  

There is clear top management commitment to the policy and its continued improvement.

B.  

The policy details the incident management plans and the financial budgets available to support recovery plans.

C.  

The policy provides details of constraints on specific suppliers.

D.  

The policy can be validated by exercises and updated with the detailed learning that arises from carrying out the exercises.

A.  

Only Business Continuity professionals and any available administrative support

B.  

Only top management

C.  

Customers and suppliers that are familiar with the way the organization works and can make recommendations from an external perspective

D.  

Multi-disciplinary experts who are familiar with the operation of the organization

A.  

The Recovery Point Objective (RPO)

B.  

The Maximum Tolerable Period of Disruption (MTPD)

C.  

The Minimum Business Continuity Objective (MBCO)

D.  

The standard timeline set by the organization's customer services charter

A.  

Should be the Recovery Time Objective (RTO)

B.  

Should be attained either at the same time, or after, the RTO

C.  

Is the point identified in the risk assessment when risks have been successfully mitigated

D.  

Is the point set by top management for mobilizing response teams

A.  

All data users and activities have the same requirements; so only limited consultation is required to determine the RPO

B.  

The RPO should comply with data protection requirements

C.  

The RPO is the point to which information must be restored to enable all priority activities to operate on resumption

D.  

The RPO establishes the amount of time that IT services can be disrupted before the organization is impacted

A.  

Announcing the changes that have been made on the organization's external website

B.  

Encouraging personnel to adapt solutions to suit their particular situation in order to engage them in the process

C.  

Ensuring alignment with response structure and plans

D.  

Checking that printed versions of procedures have been made available to all organization personnel

A.  

Accounting for the personnel on the site where the incident has occurred

B.  

Being able to contact personnel and their family members

C.  

Assigning responsibilities to staff who are working away from the site to enable recovery activities to commence

D.  

Enabling access to physical care if needed

A.  

Activity and resource owners

B.  

Top management

C.  

Incident response team leaders

D.  

Media and communication managers

A.  

Where the organization is experiencing rapid growth

B.  

Where the organization is conducting an initial BIA

C.  

Where there is a lack of top management support for Business Continuity (BC)

D.  

Where the organization has been through structural changes since the previous BIA

A.  

Ensure that a named person within the organization takes responsibility for the monitoring and management of the risk

B.  

Calculate a risk score based on the combination of the likelihood of the risk occurring and the consequences of this happening

C.  

Mitigate each risk identified by reducing the likelihood of the risk occurring or by lowering the impact of disruption

D.  

Ensure that regular updates on the current status of the risk are presented to top management

A.  

Adopt a BC culture development approach that was successfully used by another organization.

B.  

Introduce an aggressive training programme for all employees that focuses on details of the BCMS.

C.  

Start with the basics, ensuring that employees' needs and perspectives are recognised, and then progress to more advanced topics.

D.  

Expand and enhance BCMS information on the organization’s intranet and introduce a requirement that all employees review the information at least once a year.

A.  

The Business Continuity professional will temporarily take over the responsibilities of the absent role holder

B.  

Responsibilities of the absent role holder will be put on hold while a substitute is located

C.  

A subject matter expert will be assigned as the deputy for each primary BCMS role holder

D.  

The Incident Response Team will assume responsibility for the responsibilities of the absent BCMS role holder

A.  

Identifying historical risks

B.  

Categorising risks

C.  

Assessing the consequences of risks

D.  

Evaluating risks

A.  

Solutions Design

B.  

Analysis

C.  

Validation

D.  

Enabling Solutions

A.  

Business Impact Analysis

B.  

Recovery Time Analysis

C.  

Cost Benefit Analysis

D.  

Risk and Threat Analysis

A.  

Culture

B.  

Business targets

C.  

Business plan

D.  

Structure

A.  

Conducting a Business Impact Analysis (BIA) that can be shared with all personnel

B.  

Carrying out a gap analysis to identify whether the Business Continuity resumption capabilities meet the Business Continuity needs

C.  

Estimating the gap between the extent to which Business Continuity is currently embraced in the organization and the desired level at which Business Continuity should be embraced

D.  

Implementing a communications strategy to share information about the gaps in the organization's current Business Continuity plans

A.  

It ensures a clear understanding of the areas of the organization that are, and are not, covered by the BCMS

B.  

It establishes permanent parameters for the BCMS

C.  

It defines the BCMS on the organization’s products, services, and activities

D.  

It makes the best use of available time and finances

A.  

Determining how the BCMS will be monitored, reviewed and continually improved over time

B.  

Developing internal and external communications systems to raise the profile of the BCMS and highlight successful steps in the development

C.  

Carrying out health and safety risk assessments in all parts of the organization and making a commitment to repeat these assessments every year as part of the BCMS

D.  

Ensuring compliance with legal requirements across the company and developing a register of any risks

A.  

Developing an awareness strategy

B.  

Planning a live exercise

C.  

Developing plans

D.  

Designing solutions

A.  

Build and strengthen relationships with interested parties and get everyone to work towards a common goal

B.  

Conduct Business Impact Analysis (BIA) workshops with senior management

C.  

Increase the frequency and number of audits to ensure that all business areas comply with the Business Continuity (BC) policy

D.  

Make it mandatory for all personnel to attend Business Continuity (BC) exercises