Certified Information Systems Security Professional (CISSP) — Question 155

A bank failed to meet service-level agreements (SLA) with customers after suffering from a database failure of the transaction processing system (TPS) that resulted in delayed financial deposits. A regulatory agency overseeing the bank would like to determine if the cause of the delay was a material weakness. Which of the following documents is MOST relevant for the regulatory agency to review?

Answer options

• A. Business continuity plan (BCP)
• B. Business impact analysis (BIA)
• C. Continuity of Operations Plan (COOP)
• D. Enterprise resource planning (ERP)

Correct answer: A

Explanation

The Business Continuity Plan (BCP) is crucial as it outlines the strategies for maintaining operations during disruptions, making it directly relevant to assessing the bank's ability to meet SLAs. The Business Impact Analysis (BIA) identifies critical functions but does not provide the same operational contingencies as a BCP. The Continuity of Operations Plan (COOP) focuses on governmental operations rather than commercial banking, and the Enterprise Resource Planning (ERP) system deals more with resource management than continuity of service.