CBCP-002 Exam Dumps - Certified Business Continuity Professional (CBCP)

Business risk is the risk of loss or damage to an organization’s performance, reputation, assets, or stakeholders due to internal or external factors that affect its ability to achieve its objectives. Business risk can arise from various sources, such as market conditions, customer preferences, competition, technology, regulation, compliance, operations, finance, human resources, or natural disasters. Business risk can have a direct or indirect impact on an organization’s profitability, growth, sustainability, or continuity. Verified References: https://www.investopedia.com/terms/b/businessrisk.asp https://www.thebci.org/training-qualifications/good-practice-guidelines.html

Bilateral continuity planning is the type of continuity planning that will enhance the functioning relationship with the organization’s key suppliers, creating stronger assurances of continuous supply of information, material product and services. Bilateral continuity planning is the process of developing and maintaining mutual agreements and arrangements between an organization and its key suppliers to ensure the continuity of their respective functions and processes in the event of a disruption. Bilateral continuity planning can help to reduce risks, costs, and dependencies, as well as to improve communication, coordination, and collaboration. Verified References: https://www.iso.org/publication/PUB100442.html https://phoenixnap.com/blog/what-is-business-continuity-management

Business impact analysis (BIA) is the process of identifying and prioritizing the organization’s functions and processes based on their importance to the organization’s objectives, and assessing the potential impacts of a disruption to those functions and processes over time. The BIA helps to determine the recovery time objectives (RTOs), recovery point objectives (RPOs), and resource requirements for each function and process, as well as the interdependencies and dependencies among them. The BIA provides the basis for developing recovery strategies and plans. Verified References: https://www.ready.gov/business-impact-analysis https://drii.org/resources/professionalpractices/EN

Tolerating risk is where no action is taken to mitigate or reduce a risk. This is true because tolerating risk is one of the possible strategies for managing risk. Tolerating risk means accepting or retaining a risk without taking any further action to reduce it, either because the risk level is acceptable or because the cost or effort of reducing it is not justified. Tolerating risk may be appropriate for low-priority or low-impact risks that do not pose a significant threat to the organization’s objectives. Verified References: https://www.investopedia.com/terms/t/the-four-ts.asp https://www.thebci.org/training-qualifications/good-practice-guidelines.html

The four T’s of risk guidance produced by the Office of Government Commerce are transfer, tolerate, treat, and terminate. They are:

• Transfer: This strategy involves transferring or sharing some or all of the responsibility or impact of a risk to another party, such as an insurer, a supplier, or a partner.
• Tolerate: This strategy involves accepting or retaining a risk without taking any further action to reduce it, either because the risk level is acceptable or because the cost or effort of reducing it is not justified.
• Treat: This strategy involves taking steps to reduce the likelihood or impact of a risk to an acceptable level, such as implementing controls, mitigations, or contingency plans.
• Terminate: This strategy involves eliminating or avoiding a risk by discontinuing or changing the activity that causes it. Verified References: https://www.investopedia.com/terms/t/the-four-ts.asp https://www.thebci.org/training-qualifications/good-practice-guidelines.html

A formal “disaster” can only be declared by the firm owners or by the IT Department Manager. This is false because a formal “disaster” can be declared by any authorized person who has the responsibility and authority to activate the business continuity and disaster recovery plan. The authorized person may vary depending on the type, scope, and severity of the disaster, but it should be clearly defined in the plan who can declare a disaster and under what circumstances. The authorized person should also communicate the declaration of a disaster to all relevant stakeholders, such as employees, customers, suppliers, partners, regulators, media, or the public. Verified References: https://www.ready.gov/business-continuity-plan https://www.csoonline.com/article/515730/business-continuity-and-disaster-recovery-planning-the-basics.html

A formal “disaster” can only be declared by the firm owners or by the IT Department Manager. This is false because a formal “disaster” can be declared by any authorized person who has the responsibility and authority to activate the business continuity and disaster recovery plan. The authorized person may vary depending on the type, scope, and severity of the disaster, but it should be clearly defined in the plan who can declare a disaster and under what circumstances. The authorized person should also communicate the declaration of a disaster to all relevant stakeholders, such as employees, customers, suppliers, partners, regulators, media, or the public. Verified References: https://www.ready.gov/business-continuity-plan https://www.csoonline.com/article/515730/business-continuity-and-disaster-recovery-planning-the-basics.html

A disaster can also be declared for an illness pandemic where a significant portion of employees are sick. This is true because an illness pandemic is a type of natural disaster that can affect an organization’s ability to continue its normal operations. An illness pandemic can cause absenteeism, reduced productivity, increased costs, supply chain disruptions, customer dissatisfaction, or regulatory compliance issues. Therefore, an organization may need to declare a disaster and activate its business continuity and disaster recovery plan if an illness pandemic impacts its critical functions and processes beyond an acceptable level. Verified References: https://www.ready.gov/business-continuity-plan https://www.csoonline.com/article/515730/business-continuity-and-disaster-recovery-planning-the-basics.html

A risk register is a register that maintains information on all the identified risks relating to an organization. A risk register is a document or a tool that records and tracks the details of each risk, such as its description, source, impact, likelihood, rating, owner, status, response strategy, action plan, and monitoring method. A risk register is a useful tool for managing risks and communicating them to stakeholders. Verified References: https://www.investopedia.com/terms/r/risk-register.asp https://www.thebci.org/training-qualifications/good-practice-guidelines.html