Certified Information Security Manager (CISM) — Question 334

A recovery point objective (RPO) is required in which of the following?

Answer options

• A. Business continuity plan (BCP)
• B. Information security plan
• C. Incident response plan
• D. Disaster recovery plan (DRP)

Correct answer: D

Explanation

The correct answer is D, as a Disaster Recovery Plan (DRP) specifically outlines the strategies for recovering data after a disruption, which includes defining the RPO. The other options, while important for organizational resilience, do not explicitly require an RPO as part of their frameworks.