PrepAway - Latest Free Exam Questions & Answers

which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuit

An organization has outsourced its wide area network (WAN) to a third-party service provider.
Under these circumstances, which of the following is the PRIMARY task the IS auditor should
perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

PrepAway - Latest Free Exam Questions & Answers

A.
Review whether the service provider’s BCP process is aligned with the organization’s BCP and
contractual obligations.

B.
Review whether the service level agreement (SLA) contains a penalty clause in case of failure
to meet the level of service in case of a disaster.

C.
Review the methodology adopted by the organization in choosing the service provider.

D.
Review the accreditation of the third-party service provider’s staff.

Explanation:

Reviewing whether the service provider’s business continuity plan (BCP) process is aligned with
the organization’s BCP and contractual obligations is the correct answer since an adverse effect or
disruption to the business of the service provider has a direct bearing on the organization and its
customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in
case of failure to meet the level of service in case of a disaster is not the correct answer since the
presence of penalty clauses, although an essential element of a SLA, is not a primary concern.
Choices C and D are possible concerns, but of lesser importance.


Leave a Reply