PrepAway - Latest Free Exam Questions & Answers

An IS auditor reviewing an organization’s IS disaster recovery plan should verify that it is:

An IS auditor reviewing an organization’s IS disaster recovery plan should verify that it is:

PrepAway - Latest Free Exam Questions & Answers

A.
tested every six months.

B.
regularly reviewed and updated.

C.
approved by the chief executive officer (CEO).

D.
communicated to every department head in the organization.

Explanation:
The plan should be reviewed at appropriate intervals, depending upon the nature of the business
and the rate of change of systems and personnel. Otherwise, it may become out of date and may no
longer be effective. The plan must be subjected to regular testing, but the period between tests will
again depend on the nature of the organization and the relative importance of IS. Three months or
even annually may be appropriate in different circumstances. Although the disaster recovery plan
should receive the approval of senior management, it need not be the CEO if another executive
officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for
technology may have approved the plan. Similarly, although a business continuity plan is likely to be
circulated throughout an organization, the IS disaster recovery plan will usually be a technical
document and only relevant to IS and communications staff.


Leave a Reply