A Facebook friend and Discord member, Muhammed, asked me the following question. Because there exist various business continuity perspectives and approaches, this subject is always confusing people and sometimes controversial. I personally prefer PMP and ISO 22301, so I try to answer this question based on project management and BCMS.
67. Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?
A. Structured analysis of the organization
B. Review of the legal and regulatory landscape
C. Creation of a BCP team
D. Documentation of the planSource: Discord/CertificationStation
I would suggest “C. Creation of a BCP team” as the answer.
What do You Mean by BCP?
The acronym BCP can be annoying because the P in BCP may refer to policy, program, project, planning, or plan. A BC (business continuity) Policy can initiate and direct a BC Program, composed of BC Projects executed per the BC Plans as the results of the BC planning process.
Phases in the BC Planning Process?
Planing as a management activity or process is the first one in the PDCA cycle. We plan to produce results and achieve objectives. A plan is the typical output of the planning process.
The question is specifically and explicitly asking about the “phase” of business continuity “planning,” but it’s kind of weird because we usually discuss the lifecycle of a program or project, and a lifecycle comprises various phases or stages.
So, I assume it is a business continuity program or project.
Initiation of a Program or Project
We need the charter, backed up by a business case and the (program) policy, to initiate a program or project. In the initiation stage, it’s common to conduct the SWOT analysis to understand internal and external contexts (environments) and stakeholders. That identifies the constraints and stakeholders’ expectations, needs, and requirements and shapes the intended outcome.
So the following tasks can be done in the initiation stage:
- A. Structured analysis of the organization (internal analysis)
- B. Review of the legal and regulatory landscape (external analysis)
Planning for the Program or Project
After the program or project has been initiated, we start to define the scope (high-level scope may be drafted in the initiation stage) and derive objectives that drive the management activities or PDCA cycle.
Planning is the first activity or process of the PDCA cycle, and a plan is the output of the planning process.
So the following tasks can be done in the planning stage:
- D. Documentation of the plan (the output of the planning process)
Roles & Responsibility and various resource requirements are identified and defined in this stage.
PS. Documentation is ubiquitous and crucial in terms of ISO.
Execution of the Plan
“C. Creation of a BCP team” is interesting because the semantics varies. It may refer to “plan” for the organization of the BC team by determining R&R and human resources or recruiting team members.
When you are creating or building a team, the program or project plan may require a security analyst, but this position has to be recruited or filled from outside. It’s part of the execution.
Conclusion
There’s a blurred line to distinguish tasks between the initiation and planning stages. Some tasks completed in the initiation stage may be repeated or iterated in the planning stage.
So, it’s all right to say the following tasks are part of “project scope and planning phase:”
- A. Structured analysis of the organization
- B. Review of the legal and regulatory landscape
- D. Documentation of the plan
However, I will treat “C. Creation of a BCP team” as part of the execution stage.
I would suggest “C. Creation of a BCP team” as the answer.
This question comes from the Sybex Official Study Guide. The study guide suggests “D. Documentation of the plan” as the answer. I wrote this post to propose a different perspective.