CISA Certified Information Systems Auditor – Question0410

In assessing the priority given to systems covered in an organization’s business continuity plan (BCP), an IS auditor should FIRST:

A.
review results of previous business continuity plan (BCP) tests.
B. review the backup and restore processes.
C. verify the criteria for disaster recovery site selection.
D. validate the recovery time objectives and recovery point objectives.

Correct Answer: D