Certified Information Systems Auditor (CISA) — Question 1191

When assessing the overall effectiveness of an organization’s disaster recovery planning process, which of the following is MOST important for the IS auditor to verify?

Answer options

• A. Management documents and distributes a copy of the plan to all personnel.
• B. Management contracts with a third party for warm site services.
• C. Management schedules an annual tabletop exercise.
• D. Management reviews and updates the plan annually or as changes occur.

Correct answer: D

Explanation

The correct answer is D because regularly reviewing and updating the disaster recovery plan ensures it remains relevant and effective in light of any changes in the organization. Options A, B, and C, while important, do not directly address the ongoing relevance and adaptability of the plan, which is crucial for effective disaster recovery.