Certified Information Systems Auditor (CISA) — Question 541

When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:

Answer options

• A. stored at an offsite location.
• B. communicated to department heads.
• C. regularly reviewed.
• D. periodically tested.

Correct answer: D

Explanation

The correct answer is D because regular testing of the disaster recovery plan ensures that it functions as intended and that staff are familiar with their roles during a disaster. Options A, B, and C are important, but without testing, the plan's effectiveness in real scenarios cannot be confirmed.