CISA Certified Information Systems Auditor – Question1948

An organization’s business continuity plan should be:

A.
updated based on changes to personnel and environments.
B. updated only after independent audit review by a third party.
C. tested whenever new applications are implemented.
D. tested after successful intrusions into the organization’s hot site.

Correct Answer: A