Certified Information Systems Auditor (CISA) — Question 876

Which of the following should be the IS auditor's PRIMARY focus when evaluating an organization's offsite storage facility?

Answer options

• A. Adequacy of physical and environmental controls
• B. Results of business continuity plan (BCP) tests
• C. Shared facilities
• D. Retention policy and period

Correct answer: A

Explanation

The primary focus of the IS auditor should be on the adequacy of physical and environmental controls to ensure the security of the stored data. While business continuity plan tests, shared facilities, and retention policies are important, they are secondary to ensuring that the physical environment where data is stored is secure and resilient against threats.