Certified Information Systems Auditor (CISA) — Question 79

An organization’s business continuity plan (BCP) should be:

Answer options

• A. updated based on changes to personnel and environments
• B. tested whenever new applications are implemented
• C. updated before an independent audit review
• D. tested after an intrusion attempt into the organization’s hot site

Correct answer: A

Explanation

The correct answer is A because a BCP must be regularly updated to reflect any changes in personnel or the operational environment to remain effective. Options B, C, and D are incorrect as they suggest testing or updating the BCP only under specific circumstances rather than as a continuous process aligned with organizational changes.