Certified in Risk and Information Systems Control (CRISC) — Question 1170

Which of the following is MOST important for a risk practitioner to confirm when reviewing the disaster recovery plan (DRP)?

Answer options

• A. The DRP covers relevant scenarios.
• B. The business continuity plan (BCP) has been documented.
• C. Senior management has approved the DRP.
• D. The DRP has been tested by an independent third party.

Correct answer: A

Explanation

The correct answer is A because ensuring that the DRP covers relevant scenarios is essential for effective disaster recovery. While approvals and documentation are important, they do not guarantee that the plan will adequately address potential risks. Testing by an independent party (D) is valuable, but without relevant scenarios being covered, the plan may still fail in an actual disaster.