Certified Information Systems Auditor (CISA) — Question 1335

An organization wants an independent measure of an outsourced system's availability. This measure is directly related to contractual payment obligations. Which of the following procedures would an IS auditor MOST likely recommend?

Answer options

• A. Requiring end users to report any service disruptions
• B. Polling the remote service at regular intervals
• C. Scanning for errors or warnings from system logs
• D. Comparing downtime to approved maintenance windows

Correct answer: B

Explanation

Option B is correct because polling the remote service at regular intervals provides a direct and ongoing measure of availability, which is crucial for contractual obligations. Options A and C rely on user reports or system logs, which may not provide timely or comprehensive data. Option D only evaluates downtime against maintenance windows, which does not account for unexpected outages.