BCI Updated CBCI Exam Questions and Answers by giovanni

The CBCI 7.0 course emphasizes that wide communication of the Business Continuity policy is vital to ensure that all personnel understand the organization’s commitment to continuity and their roles within the BCMS. Transparency fosters engagement and accountability, encouraging personnel to embrace continuity practices. Restricting access limits awareness and can hinder implementation. While confidentiality might apply to sensitive procedures, the policy itself should be broadly accessible. Communication specialists may support distribution but ownership of policy dissemination and updates remains a governance responsibility to ensure consistency and reach.

The CBCI 7.0 course explains that an Activity Business Impact Analysis (BIA) provides detailed identification of dependencies necessary to deliver prioritized products and services. This includes internal dependencies such as departments and resources, and external dependencies such as suppliers and partners. Mapping these dependencies is crucial to understanding potential vulnerabilities and planning continuity solutions that address both internal process interrelations and supply chain considerations. The Product and Services BIA focuses more on outcomes and impacts, while risk assessments identify threats but do not detail operational dependencies. Initial assessments are broader and less detailed.

GPG 7.0 explains that Analysis (PP3) uses two techniques: BIA and Risk Assessment. The BIA determines the impacts of disruption over time and identifies priorities and resource requirements; then the risk assessment analyses the relevant risks to prioritised activities to find concentrations of risk or potential points of failure. This sequencing is logical: you first decide what matters most and what must be recovered (BIA outputs), and then you assess what could stop those priorities from being delivered (risk assessment focused on prioritised products/services/activities). That is exactly what option B states.

Option A may be a side benefit, but it is not the core methodological reason. Option C is not a BC good-practice rationale. Option D is incorrect because PP3 risk assessment is typically scoped to prioritised activities rather than being a generic “full organizational risk assessment.”

Note on “100% verified from CBCI 7.0 course documents”: I cannot access the paid CBCI courseware directly, but these answers are verified against official BCI GPG 7.0 materials and BCI PP3/PP2 published guidance, which CBCI 7.0 is based on.

In CBCI 7.0 / BCI GPG 7.0, the Analysis practice (PP3) clearly separates two techniques: Business Impact Analysis (BIA) and Risk Assessment. The BIA estimates the impacts of disruption over time to determine response/recovery priorities and resource requirements, while risk assessment analyses relevant risks to prioritised activities (i.e., threats, vulnerabilities, points of failure).

A Products & Services BIA is a strategic-level BIA used to understand which products and services matter most, the impacts if they are disrupted, and therefore supports decisions such as prioritisation and even clarifying/adjusting BCMS scope at a high level. It can also be used when major operational change occurs to re-check disruption impacts and priorities.

However, identifying the likelihood and consequences of specific threats is the role of risk assessment, not the Products & Services BIA. The question’s wording (“likelihood and consequences of specific threats”) matches risk assessment language, so option D is the one the Products & Services BIA would NOT be used for.