Certified Information Systems Auditor (CISA) — Question 797

Which of the following is MOST important to consider when reviewing an organization's defined data backup and restoration procedures?

Answer options

• A. Mean time to restore (MTTR)
• B. Mean time between failures (MTBF)
• C. Recovery point objective (RPO)
• D. Business continuity plan (BCP)

Correct answer: C

Explanation

The Recovery Point Objective (RPO) is essential because it defines the maximum acceptable amount of data loss measured in time, guiding backup frequency. While Mean Time to Restore (MTTR) and Mean Time Between Failures (MTBF) are important metrics, they do not address data loss directly. A Business Continuity Plan (BCP) is crucial for overall organizational resilience, but RPO specifically focuses on data recovery needs.