Certified Information Systems Auditor (CISA) — Question 627

Which of the following is MOST important for an organization to complete prior to developing its disaster recovery plan (DRP)?

Answer options

• A. Business impact analysis (BIA)
• B. Comprehensive IT inventory
• C. Support staff skills gap analysis
• D. Risk assessment

Correct answer: A

Explanation

The Business Impact Analysis (BIA) is essential as it identifies the critical functions and the impact of potential disruptions, guiding the development of an effective disaster recovery plan. While a comprehensive IT inventory, skills gap analysis, and risk assessment are important, they do not provide the foundational understanding of business priorities needed for a DRP.