1.Scope should be embedded in an information security strategy and includes roles,risk assessment,classification,policy,awareness,training.
2.Gathering requirements and context
+ Identification of critical business processes and dependencies.
+ Risks and threats,including failure at CSP
+ Requirements may come from organization,industry standards or legal/regulatory compliance obligations.
3.Plan Analysis
+ Transaction of BCDR requirements into inputs to the design phase
+ Requirements and threat modeling should be used to ensure completeness.
+ Risk Assessment
+ Plan Design
+ Should address technical alternatives,procedures,workflow,staff,other business necessities.
+ Invocation responsibilities.
+ Automation
+ Testing of BCP