Certified Information Systems Auditor (CISA) — Question 595

Which of the following should be done FIRST to develop an effective business continuity plan (BCP)?

Answer options

• A. Perform a business impact analysis (BIA).
• B. Secure an alternate processing site.
• C. Create a business unit communications plan.
• D. Create a disaster recovery plan (DRP).

Correct answer: A

Explanation

The first step in developing a business continuity plan is to perform a business impact analysis (BIA), as it identifies critical functions and the potential impact of disruptions. Securing an alternate processing site, creating a communications plan, and developing a disaster recovery plan are important steps, but they should occur after understanding the business's needs through a BIA.