Certified Information Systems Auditor (CISA) — Question 1346

IT disaster recovery time objectives (RTOs) should be based on the:

Answer options

• A. maximum tolerable downtime (MTD).
• B. nature of the outage.
• C. maximum tolerable loss of data.
• D. business-defined criticality of the systems.

Correct answer: A

Explanation

The correct answer is A, as the maximum tolerable downtime (MTD) directly influences how quickly systems must be restored to minimize impact. Options B, C, and D are relevant but do not specifically define the time frame for recovery, making them less critical in determining the RTO.