Plans at different levels (strategic, tactical, operational) typically share common foundational elements: a clear purpose and scope, key assumptions, and objectives (C), so users understand when and how to apply the plan. They also usually include escalation guidance (A) so issues are raised to the right level quickly, and stand-down/transition procedures (D) so teams can safely return to normal operations and capture learning after resolution. These elements support coordinated response across the response structure.
However, risk assessments for each possible scenario (B) would not be included “at all levels” of plans. Risk assessment is a distinct analysis activity, and while plans may reference key threats or assumptions, they are generally not built as scenario-by-scenario risk assessment catalogues—especially not across every plan level. The BCI distinguishes BIA (impact over time) and Risk Assessment (risks to prioritised activities) as analysis techniques; plans then enable execution of the chosen solutions and response arrangements.
So, risk assessments may inform plans, but they are not a universal content component at every plan level. Therefore B is correct.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit