Certified in Risk and Information Systems Control (CRISC) — Question 945
Which of the following is the MOST comprehensive input to the risk assessment process specific to the effects of system downtime?
Answer options
- A. Business continuity plan (BCP) testing results
- B. Recovery point objective (RPO)
- C. Business impact analysis (BIA) results
- D. Recovery time objective (RTO)
Correct answer: C
Explanation
The Business Impact Analysis (BIA) results provide a comprehensive understanding of how system downtime affects business operations, identifying critical functions and their dependencies. While the other options like RPO and RTO provide important metrics, they do not offer the same level of detail on the overall business impact as the BIA does.