A.  

Personnel complete tasks as instructed within the time allocated

B.  

Personnel are aware of Business Continuity and attend meetings if required to

C.  

Personnel feel committed to Business Continuity and ensure that their tasks are completed promptly and with attention to detail

D.  

Personnel view Business Continuity as additional requirements which demand further training

A.  

The organization is performing at its optimum financial level

B.  

Personnel are embracing Business Continuity sufficiently well to deliver Business Continuity requirements

C.  

New strategies and solutions are in order to meet Business Continuity requirements

D.  

The results of an external audit are justified in terms of internal evidence of Business Continuity achievements

A.  

Performance Appraisal

B.  

Post-incident Review

C.  

Quality Assurance (QA)

D.  

External Audit

A.  

Holding annual assessments of Business Continuity knowledge and understanding and setting minimum pass standards which personnel must meet

B.  

Making it a disciplinary offence for personnel to miss relevant Business Continuity meetings and training events

C.  

Including Business Continuity as part of the introduction to meetings and events in order to strengthen and maintain the relationship between personnel and the organization

D.  

Providing updates on Business Continuity activities via the intranet which personnel can find and read if they are interested

A.  

Unlimited access to financial resources during a disruption

B.  

Knowledge of when key suppliers and external stakeholders should be notified and included in the response

C.  

Flexibility to change policies and procedures during a disruption without consulting top management

D.  

Personnel in place to assess and measure the performance of responders during a disruption

A.  

A new Business Continuity professional is appointed and they provide a fresh focus on the approach to be taken

B.  

An exercise activity reveals that changes to operational procedures are needed

C.  

There is a change to the internal or external operating context

D.  

Personnel are not embracing Business Continuity and a new approach to engage them is required

A.  

For review by all BIA participants

B.  

For submission to top management for final approval

C.  

For planning an exercise

D.  

For internal audit

A.  

All data users and activities have the same requirements; so only limited consultation is required to determine the RPO

B.  

The RPO should comply with data protection requirements

C.  

The RPO is the point to which information must be restored to enable all priority activities to operate on resumption

D.  

The RPO establishes the amount of time that IT services can be disrupted before the organization is impacted

A.  

It requires a series of events and activities scheduled over a period of time

B.  

It is necessary to carry out exercises only once as initial tests will provide all of the required information

C.  

A single type of exercise should be used for all so that participants become familiar with the structure and approach of the exercise activities

D.  

It is necessary to carry out exercises for only a sample of the plans and recovery teams in place

A.  

Business Continuity is part of the organization's strategic planning and is reviewed regularly

B.  

The organization's health and safety risk assessments are recorded as required

C.  

The organization maintains full compliance with legal and regulatory requirements

D.  

The organization's Business Continuity operational plans are kept up to date

A.  

An Activity BIA ensures that all of the activities undertaken by an organization can continue as usual during a disruption and sets out a detailed plan to enable continuity

B.  

An Activity BIA determines the resources required to deliver the organization's prioritized products and services

C.  

An Activity BIA identifies risks to delivery activities and establishes strategies to either prevent risks arising or to mitigate their effects should they arise

D.  

An Activity BIA identifies and prioritizes the activities that deliver the most urgent products and services and determines the resources and dependencies required to enable continuity

A.  

Measuring Business Continuity culture

B.  

Identifying and assigning Business Continuity Management System (BCMS) roles and responsibilities

C.  

Developing an exercise programme

D.  

Defining the initial BCMS scope

A.  

Existing policies and procedures may be relevant to the BCMS so early identification will reduce the risk for duplication of work

B.  

Early collaboration with colleagues will engage them in the process and secure support for the ongoing development and implementation of the BCMS

C.  

Engagement of stakeholders will reduce the potential for conflict at later stages of the programme

D.  

Involving stakeholders will reduce the workload and responsibilities of the Business Continuity Professional as administrative activities can be delegated to other staff

A.  

Development and adoption of a Business Continuity policy to protect the organization from disruptions

B.  

Assigning Business Continuity roles and responsibilities across the organization's hierarchy

C.  

Gaining an understanding of the organization's culture

D.  

Including funding in the Business Continuity budget to hire a consulting firm to run Business Continuity as a project

A.  

Only Business Continuity professionals and any available administrative support

B.  

Only top management

C.  

Customers and suppliers that are familiar with the way the organization works and can make recommendations from an external perspective

D.  

Multi-disciplinary experts who are familiar with the operation of the organization

A.  

Access to the policy is restricted to top management and department heads

B.  

The policy is communicated widely within the organization

C.  

All personnel who are provided with a copy of the policy are required to confirm that they will treat its contents as confidential

D.  

Communications specialists take control of the distribution of the policy and the management of any future revisions

A.  

Review

B.  

Gap analysis

C.  

Maintenance

D.  

Internal audit

A.  

Conduct an initial Business Impact Analysis (BIA)

B.  

Develop and implement an interim crisis management plan

C.  

Outsource the response to a Business Continuity service provider when a crisis or disruption occurs

D.  

Implement a "go to" strategy and acquire the required resources, equipment, and services when disruption occurs

A.  

Meeting arrangements should be stated in plans that are made available to all team members

B.  

At least two meeting locations should be stated with the team leader deciding which to use at the time of the incident

C.  

Meetings must always take place in a physical rather than virtual location

D.  

A continuously available and stable power supply should be available to meeting locations

A.  

Begin gathering more details about the situation

B.  

Use a pre-determined code word to notify all participants of suspension of the exercise

C.  

Call a short break to allow time to determine how to proceed

D.  

Continue with the exercise unless otherwise notified

A.  

Should be the Recovery Time Objective (RTO)

B.  

Should be attained either at the same time, or after, the RTO

C.  

Is the point identified in the risk assessment when risks have been successfully mitigated

D.  

Is the point set by top management for mobilizing response teams

A.  

Performing a check of backup equipment at the alternate site on a monthly basis

B.  

Taking corrective actions to revise the Business Continuity plan after an actual incident

C.  

Examining with department heads the performance of their systems following near misses

D.  

Making changes to the evacuation procedures after an emergency building evacuation demonstrates the procedures include unexpected risks

A.  

Re-purpose work areas and facilities to enable working arrangements for organization personnel during a disruption

B.  

Contract former employees and contractors to undertake work at the replacement during a disruption

C.  

Create a separate supply chain to support the alternative site in the case of an incident occurring

D.  

Advise personnel that they will have to work around the existing workstations and equipment in the alternative site as it will be an emergency situation

A.  

Build up followers and establish a social media presence before an incident

B.  

Empower all staff to engage with social media to ensure that information during a disruption can be delivered quickly

C.  

Ensure all staff who engage with social media are aware of the need to keep a note of their engagement in case valuable contacts are secured through this route

D.  

Limit social media engagement to one-way communications as only the organization's formal statements and opinions are required

A.  

Findings from the Business Impact Analysis (BIA)

B.  

The risks expected to materialise in the future

C.  

Advantages and disadvantages of the solution

D.  

The Business Continuity culture index

A.  

The development of training material including all relevant information and procedures so that this can be made available when required

B.  

Links to social media so the organization can run an extensive recruitment campaign both inside and outside the organization if a disruptive event occurs

C.  

Recruitment of additional personnel so that the organization always has access to surplus staff in case of an incident occurring

D.  

Induction and training by an operational manager at the time when the disruption is underway so that individuals can build understanding and confidence prior to commencing the allocated tasks

A.  

Only senior level exercise participants should provide opinions during the debrief

B.  

One-on-one interviews with all exercise participants should be conducted within one month following the exercise

C.  

A hot debrief should be conducted within one month after the conclusion of an exercise

D.  

Surveys are especially effective if an exercise and its participants are spread out over multiple locations