An organization has just completed their annual risk assessment. Regarding the business continuity plan, what
should an IS auditor recommend as the next step for the organization?
A.
Review and evaluate the business continuity plan for adequacy
B.
Perform a full simulation of the business continuity plan
C.
Train and educate employees regarding the business continuity plan
D.
Notify critical contacts in the business continuity plan
Explanation:
The business continuity plan should be reviewed every time a risk assessment is completed for the
organization. Training of the employees and a simulation should be performed after the business continuity plan
has been deemed adequate for the organization. There is no reason to notify the business continuity plan
contacts at this time.