CISA Certified Information Systems Auditor – Question1729

When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:

A.
annualized loss expectancy (ALE).
B. service delivery objective.
C. quantity of orphan data.
D. maximum tolerable outage.

Correct Answer: D

Explanation:

Explanation:
The recovery time objective is determined based on the acceptable downtime in case of a disruption of operations, it indicates the maximum tolerable outage that an organization considers to be acceptable before a system or process must resume following a disaster. Choice A is incorrect, because the acceptable downtime would not be determined by the annualized loss expectancy (ALE). Choices B and C are relevant to business continuity, but they are not determined by acceptable downtime.