Examice

Exam CRISC All QuestionsBrowse all questions from this exam

Go to Exam

Question 224

When reviewing a business continuity plan (BCP), which of the following would be the MOST significant deficiency?

BCP is often tested using the walkthrough method

BCP testing is not in conjunction with the disaster recovery plan (DRP)

Each business location has separate, inconsistent BCPs

Recovery time objectives (RTOs) do not meet business requirements

Correct Answer: D

When reviewing a business continuity plan (BCP), the most significant deficiency would be if the recovery time objectives (RTOs) do not meet business requirements. RTOs define the maximum acceptable time that a process or system can be down before causing significant impacts to the business. If RTOs are not aligned with business needs, it can lead to extended downtime, loss of revenue, customer dissatisfaction, and potential operational disruptions. Therefore, it is critical that RTOs meet the business requirements to ensure the organization can recover critical functions within an acceptable timeframe.

Discussion

hussmohsinOption: D

There is nothing worse than Recovery time objectives (RTOs) that do not meet business requirements. This simply means the BRP is irrelevant and all recovery processes including DRP will be wrong as well. The correct answer is D.

TsureshOption: D

Should be D

tomiabiodunOption: B

RTOs are part of DRP not BCP. The question specifically said BCP review, so answer is B

BertoliniOption: B

The question is "When reviewing a BCP" not "When evaluating the result of a DRP" Key Words reviewing and deficiency Selected Answer: B BCP and DRP often seem interdependent. While the two concepts differ, they overlap in some areas and work best when developed in tandem.

eblueOption: D

of the options provided, the MOST significant deficiency when reviewing a business continuity plan (BCP) would be if the recovery time objectives (RTOs) do not meet business requirements. RTOs define the maximum acceptable time a process or system can be down before causing significant impacts to the business. If RTOs are not aligned with business needs, it can lead to extended downtime, loss of revenue, customer dissatisfaction, and potential operational disruptions during a disaster or incident. While the other options (A, B, and C) could also represent deficiencies in the BCP, the misalignment of RTOs with business requirements has the potential for more serious consequences as it directly impacts the organization's ability to recover critical functions within an acceptable timeframe. For specific ISACA references and detailed guidance, I recommend consulting ISACA's official documentation on business continuity planning and IT risk management.

01010100Option: D

D. Recovery time objectives (RTOs) do not meet business requirements Recovery Time Objective (RTO) is the target time you set for the recovery of your IT and business activities after a disaster has struck. The goal is to recover processes before the negative impact of a break becomes critical. If the RTOs don't meet business requirements, it can lead to significant business disruption and financial loss. Therefore, not meeting RTOs is the most significant deficiency when it comes to a business continuity plan.

mraiyanOption: C

Options "B, C and D" are all important. While "D" will have a direct impact on the business and "B" would lead for failed DRP testing. Inconsistent BCPs "C" would make great confusion which results in failed BCP/DRP

JulianleehkOption: D

should be D

KozyOption: D

Business objectives and requirements are always first. [D]

Raj1510Option: D

C and D two major issues. out of them will choose D considering direct impact to business objective.

Josh93Option: D

Agree it should be D