Certified in Risk and Information Systems Control (CRISC) — Question 1209

An organization has modified its disaster recovery plan (DRP) to reflect recent changes in its IT environment. Which of the following is the PRIMARY reason to test the new plan?

Answer options

• A. To ensure all assets have been identified
• B. To ensure the risk assessment is validated
• C. To ensure the plan is comprehensive
• D. To ensure staff is sufficiently trained on the plan

Correct answer: C

Explanation

Testing the updated disaster recovery plan (DRP) primarily ensures that the plan is comprehensive and adequately addresses all potential scenarios. While identifying assets, validating risk assessments, and training staff are important, they are secondary to confirming that the overall plan is effective and well-rounded.