which of the following is the PRIMARY task the IS audit…

An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these
circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of
business continuity (BCP) and disaster recovery planning (DRP)?

An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these
circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of
business continuity (BCP) and disaster recovery planning (DRP)?

A.
Review whether the service provider’s BCP process is aligned with the organization’s BCP and contractual
obligations.

B.
Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the
level of service in case of a disaster.

C.
Review the methodology adopted by the organization in choosing the service provider.

D.
Review the accreditation of the third-party service provider’s staff.

Explanation:
Reviewing whether the service provider’s business continuity plan (BCP) process is aligned with the
organization’s BCP and contractual obligations is the correct answer since an adverse effect or disruption to the
business of the service provider has a direct bearing on the organization and its customers. Reviewing whether
the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in
case of a disaster is not the correct answer since the presence of penalty clauses, although an essential
element of a SLA, is not a primary concern. Choices C and D are possible concerns, but of lesser importance.



Leave a Reply 0

Your email address will not be published. Required fields are marked *