Certified Information Systems Auditor (CISA) — Question 1319

An organization outsourced its IS functions. To meet its responsibility for disaster recovery, the organization should:

Answer options

• A. coordinate disaster recovery administration with the outsourcing vendor
• B. delegate evaluation of disaster recovery to a third party
• C. delegate evaluation of disaster recovery to internal audit
• D. discontinue maintenance of the disaster recovery plan (DRP)

Correct answer: A

Explanation

The correct answer is A because coordinating with the outsourcing vendor ensures that both parties are aligned on disaster recovery protocols. Options B and C suggest delegating responsibility, which could lead to a lack of direct oversight and accountability. Option D is incorrect as it implies abandoning the disaster recovery plan, which is crucial for organizational resilience.