CISA Question #73: Real Exam Question with Answer & Explanation
The correct answer is B: As soon as the new operating model is in place.
Question
An organization is permanently transitioning from onsite to fully remote business operations. When should the existing business impact analysis (BIA) be reviewed?
Options
- A. At least one year after the transition
- B. As soon as the new operating model is in place
- C. During the next scheduled review
- D. As soon as the decision about the transition is announced
Explanation
When an organization permanently transitions to fully remote operations, the existing Business Impact Analysis (BIA) must be reviewed immediately upon the new operating model's implementation to reflect the changed risks and impacts.
Common mistakes.
- A. Waiting at least one year after the transition is too long, as the BIA would be based on outdated assumptions and would not accurately reflect the current risk landscape.
- C. Postponing the review until the next scheduled cycle would leave the organization vulnerable, as the BIA's criticality and assumptions have been immediately impacted by the operational change.
- D. While the decision announcement is a good trigger for planning, the BIA should be updated once the new model is in place to assess the actual impacts and dependencies under the new operational conditions.
Concept tested. Business Impact Analysis (BIA) review triggers
Reference. https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final