An IS auditor reviewing an organization's IS disaster
recovery plan should verify that it is:
A. tested every 6 months.
B. regularly reviewed and updated.
C. approved by the chief executive officer (CEO).
D. communicated to every departmental head in the organization.
- 2 Answers
- 9678 Views
- I also Faced
- E-Mail Answers
Answer Posted / guest
Answer: B
The plan should be reviewed at appropriate intervals,
depending upon the nature of the business and the rate of
change of systems and personnel, otherwise it may become out
of date and may no longer be effective. The plan must be
subjected to regular testing, but the period between tests
will again depend on the nature of the organization and the
relative importance of IS. Three months or even annually may
be appropriate in different circumstances. Although the
disaster recovery plan should receive the approval of senior
management, it need not be the CEO if another executive
officer is equally, or more appropriate. For a purely
IS-related plan, the executive responsible for technology
may have approved the plan. Similarly, although a business
continuity plan is likely to be circulated throughout an
organization, the IS disaster recovery plan will usually be
a technical document and only relevant to IS and
communications staff.
| Is This Answer Correct ? | 7 Yes | 0 No |
Post New Answer View All Answers
