Certified Information Systems Auditor (CISA) — Question 1239

Which of the following is MOST important to include when developing a business continuity plan (BCP)?

Answer options

• A. Details of linked security policies
• B. Plans for addressing all types of threats
• C. Criteria for triggering the plan
• D. Details of a comprehensive asset inventory

Correct answer: C

Explanation

The correct answer is C because having clear criteria for triggering the plan ensures that the BCP is activated at the right time during a disruption. While the other options are important, they do not directly impact the immediate response and execution of the BCP like the criteria for activation does.