Correct Answer: C
A Business Continuity Plan (BCP) is based on a review of the business processes and procedures. A BCP is a document that describes the strategies, actions, and resources that an organization will use to ensure the continuity of its critical business functions in the event of a disruption or disaster. A review of the business processes and procedures is a process that analyzes the current state of the organization's operations, such as the inputs, outputs, dependencies, resources, and risks of each business process or procedure. A review of the business processes and procedures helps to identify the critical business functions, the recovery objectives, the recovery strategies, and the recovery roles and responsibilities that form the basis of the BCP. The policy and procedures manual, an existing BCP from a similar organization, and a standard checklist of required items and objectives are not the best sources for basing a BCP, as they may not reflect the specific needs, goals, and context of the organization or its business processes and procedures. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, Security Operations, page 899. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, Security Operations, page 915.