Skip to content

title: “[03] CISSP Cheatsheet - Business Continuity Planning (BCP)” date: 2026-07-05 authors:

  • Your Name

๐Ÿ“˜ Topic: Business Continuity Planning (BCP)

Domain: D7 โ€“ Security Operations
Tags: #cissp #bcp #resilience


๐Ÿงพ Definition

BCP is the process of preparing the organization to continue critical business functions during and after disruptive events, including development of plans, alternate processes, communications, and recovery strategies.


๐Ÿ”‘ Key Points

  • Start with Business Impact Analysis (BIA) to identify critical processes and dependencies.
  • Define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for critical services.
  • Maintain and test continuity plans regularly; include personnel, suppliers, and communications.
  • Coordinate BCP with DRP for IT recovery specifics.

โš ๏ธ CISSP Insight

  • CISSP emphasizes that BCP is a business governance activity; technical recovery (DRP) supports continuity but BCP covers people, processes, and facilities as well.

โš”๏ธ Key Difference / Trap

  • BCP vs DRP
    • BCP = whole-business continuity (processes, people)
    • DRP = technical recovery of IT systems and data
  • Trap: Having backup systems but no tested procedures to restore business operations.

๐Ÿ—๏ธ Example

After a local outage, a company activates its BCP to move staff to alternate work sites, switches to manual processes for critical transactions, and follows communication plans to inform stakeholders.


๐Ÿ“š References

  • NIST SP 800-34 โ€” Contingency Planning Guide for Federal Information Systems
  • ISO 22301 โ€” Business Continuity Management Systems
  • ISO/IEC 27001:2022

๐Ÿ” Quick Recall

  • BCP = keep business running; DRP = restore IT