Certified Information Security Manager (CISM) — Question 132

An organization recently activated its business continuity plan (BCP). All employees were notified during the event, but some did not fully follow the communications plan. What is the BEST way to prevent a recurrence?

Answer options

• A. Perform tabletop testing with appropriate employees
• B. Reprimand employees for not following the plan
• C. Enhance external communication instructions in the BCP
• D. Incorporate BCP communication expectations in job descriptions

Correct answer: A

Explanation

The best approach is to perform tabletop testing with appropriate employees to ensure they understand and can effectively execute the communications plan. Reprimanding employees does not address the root cause of the issue, while enhancing instructions or incorporating expectations may not provide sufficient practical experience for the employees.