CBCI 7.0 Certification Course CBCI Reddit Questions

Recovery Point Objective (RPO) defines the maximum acceptable age of data to be recovered following a disruption, effectively setting the point in time to which information must be restored. The CBCI 7.0 course explains that RPOs vary depending on the priority and criticality of activities, requiring consultation with data users to ensure continuity needs are met accurately. RPOs are crucial for developing backup and data recovery strategies and directly influence the selection of technical solutions. While data protection compliance is necessary, it is not the primary function of RPO. Additionally, RPO focuses on data restoration points, not on the duration IT services can be disrupted—that relates to Recovery Time Objective (RTO).

CBCI 7.0 reflects the GPG 7.0 emphasis that business continuity culture is not achieved by “mandating and enforcing compliance” alone; it is achieved when BC becomes understood, valued, and practiced across the organization. A “good practice” BC culture therefore looks like shared understanding and broad participation—people know why BC matters, understand their roles, and actively contribute to readiness and resilience. That matches option C.

Option A describes compliance without ownership, which is weaker and often fragile under stress. Option B incorrectly centralizes BC into the BC team; good practice requires distributed ownership (leaders and staff) rather than the BC function “doing it all.” Option D is also incorrect because top management involvement remains essential (leadership sets direction, provides resources, and reinforces expectations); a mature culture does not remove leadership accountability—it strengthens organization-wide engagement with leadership support. The GPG’s cultural focus is about enabling the organization to improve BC culture intentionally and make BC part of “how we operate,” not a specialist-only activity.

When an organization lacks fully developed BC solutions, response structures, or plans, the CBCI 7.0 course recommends the immediate development and implementation of an interim crisis management plan. This plan serves as a temporary framework to manage disruptions while the comprehensive BCMS is being established. An interim plan prioritizes rapid response capability, outlining essential roles, responsibilities, and immediate actions to stabilize incidents. Conducting a BIA is important but follows initial crisis preparedness. Outsourcing or reactive procurement of resources without a foundational plan risks ad hoc responses and inefficiency. Establishing an interim plan ensures the organization is not unprepared during the transition towards a mature BCMS.

CBCI 7.0 aligns its risk assessment language to ISO/BCI terminology. BCI guidance defines risk assessment as an overall process of risk identification, risk analysis, and risk evaluation. In the wording of your question, “listing risk sources” maps to risk identification, and “performing a risk source analysis” maps to risk analysis (examining likelihood and consequences to understand risk level). The third step, therefore, is risk evaluation—comparing analysed risks against agreed criteria (risk appetite/tolerance) to decide whether further action is needed and to prioritise treatment.

Option C (assessing consequences) is part of risk analysis, not the final step. Options A and B can be helpful techniques, but they are not the standard third step in the three-step risk assessment model used in BC/ISO-aligned frameworks. Therefore, the correct answer is D: Evaluating risks.