which of the following is the PRIMARY task the IS audit


An organization has outsourced its wide area network (WAN) to a third-party service provider.

Under these circumstances, which of the following is the PRIMARY task the IS auditor should
perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

A. Review whether the service provider’s BCP process is aligned with the organization’s BCP and
contractual obligations.

B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to
meet the level of service in case of a disaster.

C. Review the methodology adopted by the organization in choosing the service provider.

D. Review the accreditation of the third-party service provider’s staff.

Explanation:
Reviewing whether the service provider’s business continuity plan (BCP) process is aligned with
the organization’s BCP and contractual obligations is the correct answer since an adverse effect or
disruption to the business of the service provider has a direct bearing on the organization and its
customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in case
of failure to meet the level of service in case of a disaster is not the correct answer since the
presence of penalty clauses, although an essential element of an SLA, is not a primary concern.
Choices C and D are possible concerns, but of lesser importance.
