CISA Certified Information Systems Auditor – Question0078

An IS auditor is reviewing a bank’s service level agreement (SLA) with a third-party provider that hosts the bank’s secondary data center. Which of the following findings should be of GREATEST concern to the auditor?

A.
The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan
B. The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan
C. Backup data is hosted online only
D. The SLA has not been reviewed in more than a year

Correct Answer: B