An organization has just completed their annual risk assessment. Regarding the business continuity plan, what
should an IS auditor recommend as the next step for the organization?
![PrepAway - Latest Free Exam Questions & Answers](https://www.briefmenow.org/img/pa5.jpg)
A.
Review and evaluate the business continuity plan for adequacy
B.
Perform a full simulation of the business continuity plan
C.
Train and educate employees regarding the business continuity plan
D.
Notify critical contacts in the business continuity plan
Explanation:
The business continuity plan should be reviewed every time a risk assessment is completed for the
organization. Training of the employees and a simulation should be performed after the business continuity plan
has been deemed adequate for the organization. There is no reason to notify the business continuity plan
contacts at this time.