Certified in Risk and Information Systems Control (CRISC) — Question 1378

Which of the following issues found during the review of a newly created disaster recovery plan (DRP) should be of MOST concern?

Answer options

• A. The chief information security officer (CISO) has not approved the plan.
• B. Several recovery activities will be outsourced.
• C. Some critical business applications are not included in the plan.
• D. The plan is not based on an internationally recognized framework.

Correct answer: C

Explanation

The correct answer is C because excluding critical business applications from the disaster recovery plan can lead to significant operational risks during a disaster. While having CISO approval (A) and using an internationally recognized framework (D) are important, they are secondary to ensuring that all vital business functions are accounted for in the plan. Outsourcing recovery activities (B) can be managed effectively as long as the core applications are included.