IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation
should be MOST concerned about which of the following findings?
![PrepAway - Latest Free Exam Questions & Answers](https://www.briefmenow.org/img/pa5.jpg)
A.
The outsourcing contract does not cover disaster recovery for the outsourced IT operations.
B.
The service provider does not have incident handling procedures.
C.
Recently a corrupted database could not be recovered because of library management problems.
D.
incident logs are not being reviewed.
Explanation:
The lack of a disaster recovery provision presents a major business risk. Incorporating such a provision into the
contract will provide the outsourcing organization leverage over the service provider. Choices B, C and D are
problems that should be addressed by the service provider, but are not as important as contract requirements
for disaster recovery.