Certified Information Systems Auditor (CISA) — Question 649

Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

Answer options

• A. The disaster recovery plan (DRP) is updated on a regular basis.
• B. Roles and responsibilities are documented.
• C. Regular backups are made and stored offsite.
• D. Tabletop disaster recovery tests are conducted.

Correct answer: C

Explanation

Regular backups that are stored offsite are essential to ensure data availability in the event of a disaster, making option C the most important aspect for an IS auditor to verify. While having an updated DRP, documented roles, and conducting tabletop tests are all important, they do not directly ensure data recovery as effectively as having reliable backups.