When developing a business continuity plan (BCP), which of the following steps should be completed FIRST?

A. Ensure that offsite backups can be efficiently restored.
B. Identity alternatives to critical applications.
C. Review the business continuity insurance policy.
D. Carry out a risk assessment.