You are a member of the program of business continuity management system (BCMS) and sitting in a meeting with the agenda of determining the scope of the BCMS. Which of the following activity is least likely to be conducted?
A. SWOT analysis
B. Cost-benefit analysis
C. Stakeholder or interested party analysis
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Cost-benefit analysis.
The scope of the business continuity management system (BCMS) is determined by the result of the analysis of the organization., the context, and the interested parties or stakeholders.
SWOT analysis is a tool for internal and external environment analysis. Its result and the result of stakeholder or interested party analysis should be documented.
You conduct a cost-benefit analysis when evaluating initiatives, implementing security controls, or applying risk treatment options.