PrepAway - Latest Free Exam Questions & Answers

An IS auditor reviewing an organization’s IS disaster recovery plan should verify that it is:

An IS auditor reviewing an organization’s IS disaster recovery plan should verify that it is:

PrepAway - Latest Free Exam Questions & Answers

A.
tested every six months.

B.
regularly reviewed and updated.

C.
approved by the chief executive officer (CEO).

D.
communicated to every department head in the organization.

Explanation:

The plan should be reviewed at appropriate intervals, depending upon the nature of the business
and the rate of change of systems and personnel. Otherwise, it may become out of date and may
no longer be effective. The plan must be subjected to regular testing, but the period between tests
will again depend on the nature of the organization and the relative importance of IS. Three
months or even annually may be appropriate in different circumstances. Although the disaster
recovery plan should receive the approval of senior management, it need not be the CEO if
another executive officer is equally or more appropriate. For a purely IS-related plan, the executive
responsible for technology may have approved the plan. Similarly, although a business continuity
plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually
be a technical document and only relevant to IS and communications staff.


Leave a Reply