An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each
individual process, but no comprehensive BCP. Which would be the BEST course of action for the
Recommend that an additional comprehensive BCP be developed.
Determine whether the BCPs are consistent.
Accept the BCPs as written.
Recommend the creation of a single BCP.
Depending on the complexity of the organization, there could be more than one plan to address
various aspects of business continuity and disaster recovery. These do not necessarily have to be
integrated into one single plan; however, each plan should be consistent with other plans to have
a viable business continuity planning strategy.