Certified in Risk and Information Systems Control (CRISC) — Question 822
When reviewing the business continuity plan (BCP) of an online sales order system, a risk practitioner notices that the recovery time objective (RTO) has a shorter time than what is defined in the disaster recovery plan (DRP). Which of the following is the BEST way for the risk practitioner to address this concern?
Answer options
- A. Update the risk register to reflect the discrepancy.
- B. Adopt the RTO defined in the BCP.
- C. Adopt the RTO defined in the DRP.
- D. Communicate the discrepancy to the DR manager for follow-up.
Correct answer: D
Explanation
The correct answer is D because it is crucial to communicate discrepancies to the DR manager who can investigate and resolve the inconsistency. Options A, B, and C do not directly address the issue or involve the appropriate personnel to ensure the BCP and DRP are aligned.