A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be brought back online. Which of the following should be the FIRST step taken by the team?

A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events

B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered

D. Implement replication of all servers and application data to back up datacenters that are geographically dispersed from the central datacenter and release an updated BPA to all clients