While reviewing the business continuity plan of an organization, an IS auditor observed that the
organization’s data and software files are backed up on a periodic basis. Which characteristic of an
effective plan does this demonstrate?
An effective business continuity plan includes steps to mitigate the effects of a disaster. Files must
be restored on a timely basis for a backup plan to be effective. An example of deterrence is when
a plan includes installation of firewalls for information systems. An example of recovery is when a
plan includes an organization’s hot site to restore normal business operations.