Certified Information Security Manager (CISM) — Question 761

Which of the following BEST indicates that an organization has effectively tested its business continuity and disaster recovery plans within the stated recovery time objectives (RTOs)?

Answer options

• A. Internal compliance requirements are being met
• B. Regulatory requirements are being met
• C. Risk management objectives are being met
• D. Business needs are being met

Correct answer: D

Explanation

The correct answer is D because meeting business needs demonstrates that the organization can continue operations effectively within the RTOs. The other options, while important, do not necessarily reflect the practical application of business continuity and disaster recovery in real-world scenarios.