PrepAway - Latest Free Exam Questions & Answers

During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only cr

During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:

A. recommend that the BCP cover all business processes.

B. assess the impact of the processes not covered.

C. report the findings to the IT manager.

D. redefine critical processes.

Explanation:

The business impact analysis needs to be either updated or revisited to assess the risk of not covering all processes in the plan. It is possible that the cost of including all processes might exceed the value of those processes; therefore, they should not be covered. An IS auditor should substantiate this by analyzing the risk.


Leave a Reply