CISA Certified Information Systems Auditor – Question2938
IT best practices for the availability and continuity of IT services should: A. minimize costs associated with disaster-resilient components. B. provide for sufficient capacity to meet the agreed upon demands of the business. C. provide reasonable assurance that agreed upon obligations to customers can be met. D. produce timely performance metric reports.
Correct Answer: C
Explanation:
Explanation:
It is important that negotiated and agreed commitments (i.e., service level agreements [SLAs]) can be fulfilled all the time. If this were not achievable, IT should not have agreed to these requirements, as entering into such a commitment would be misleading to the business. ‘All the time’ in this context directly relates to the ‘agreed obligations’ and does not imply that a service has to be available 100 percent of the time. Costs are a result of availability and service continuity management and may only be partially controllable. These costs directly reflect the agreed upon obligations. Capacity management is a necessary, but not sufficient, condition of availability.
Despite the possibility that a lack of capacity may result in an availability issue, providing the capacity necessary for seamless operations of services would be done within capacity management, and not within availability management. Generating reports might be a task of availability and service continuity management, but that is true for many other areas of interest as well (e.g., incident, problem, capacity and change management).
Please disable your adblocker or whitelist this site!