Certificate of Cloud Auditing Knowledge (CCAK) — Question 87

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

Answer options

• A. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
• B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
• C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
• D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Correct answer: C

Explanation

The correct answer is C because it emphasizes the importance of prioritizing activities and ensuring recovery aligns with the organization's risk appetite and capacity. Options A and B focus on broader aspects of unavailability and planning but do not specifically address the execution of prioritized activities and recovery timelines. Option D, while relevant, does not capture the detailed operational aspects necessary for effective continuity and resilience.