Which of the following should be of MOST concern to an IS auditor reviewing an organization’s disaster recovery plan (DRP)?
A. The responsibility for declaring a disaster is not identified.
B. The disaster recovery steps are not detailed.
C. The CIO has not signed off on the DRP.
D. Copies of the DRP are not kept in a secure offsite location.
A. The responsibility for declaring a disaster is not identified.
B. The disaster recovery steps are not detailed.
C. The CIO has not signed off on the DRP.
D. Copies of the DRP are not kept in a secure offsite location.