Certified Information Security Manager (CISM) — Question 1122

Which of the following is MOST likely to require an organization to update its business continuity plan (BCP)?

Answer options

• A. Successful BCP testing results
• B. Increases in information security risk trends
• C. Multiple changes in organizational leadership
• D. Major changes in the business operating environment

Correct answer: D

Explanation

Major changes in the business operating environment can greatly affect how an organization functions and its risk profile, making it crucial to update the BCP. Successful testing results (A) and increases in security risks (B) indicate that the plan works or needs attention but do not necessarily trigger a complete revision. While changes in leadership (C) can impact strategy, they are less likely to necessitate a fundamental update to the BCP compared to significant environmental changes.