Which of the following issues should be the GREATEST co…

Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT
disaster recovery test?

Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT
disaster recovery test?

A.
Due to the limited test time window, only the most essential systems were tested. The other systems were
tested separately during the rest of the year.

B.
During the test it was noticed that some of the backup systems were defective or not working, causing the
test of these systems to fail.

C.
The procedures to shut down and secure the original production site before starting the backup site required
far more time than planned.

D.
Every year, the same employees perform the test. The recovery plan documents are not used since every
step is well known by all participants.

Explanation:
A disaster recovery test should test the plan, processes, people and IT systems. Therefore, if the plan is not
used, its accuracy and adequacy cannot be verified. Disaster recovery should not rely on key staff since a
disaster can occur when they are not available. It is common that not all systems can be tested in a limited test
time frame. It is important, however, that those systems which are essential to the business are tested, and that
the other systems are eventually tested throughout the year. One aim of the test is to identify and replace
defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a
concern if the number of discovered problems is systematically very high, in a real disaster, there is no need for
a clean shutdown of the original production environment since the first priority is to bring the backup site up.



Leave a Reply 0

Your email address will not be published. Required fields are marked *