Invoking a business continuity plan (BCP) is demonstrating which type of control?
Invoking a business continuity plan (BCP) is demonstrating which type of control?
Invoking a business continuity plan (BCP) demonstrates a corrective control. Corrective controls are designed to minimize the impact of a threat event once it has occurred and help restore business operations to normal. A BCP falls under this category as it outlines procedures to follow and actions to take in response to disruptions, ensuring that the business can continue to function effectively after an incident.
Corrective Controls Corrective controls, as their name suggests, are designed to minimize the impact of a threat event once it has occurred, and help in restoring, or correcting, a business to normal operations. Examples of corrective controls include the following: • Business continuity planning • Disaster recovery planning • Incident response planning • Backup procedures
Corrective controls are implemented to mitigate the effects of an identified problem or incident. When a disruptive event occurs, such as a natural disaster or a cyberattack, invoking a BCP is a corrective action aimed at restoring critical business functions and minimizing the impact on operations. Therefore, invoking a BCP is a form of corrective control.
A. Preventive
Answer is c
Answer is B*
As per the CISA manual, the BCP is a preventive and corrective control