CISM Question #497: Real Exam Question with Answer & Explanation

The correct answer is A: When there is a material change to key business processes. A BIA documents the criticality, dependencies, recovery time objectives, and potential impacts of business processes. Any material change to those processes-such as a new service offering, a significant workflow change, or a key dependency shift-can invalidate existing BIA data a

Submitted by lars.no· Apr 18, 2026Information Security Risk Management

Question

Which of the following is the BEST time to update an organization's business impact analysis (BIA)?

Options

AWhen there is a material change to key business processes
BWhenever the technology that supports a business process is updated
CWhen senior management requests a review of the BIA
DAt least once every two years or when the organizational strategy is changed

Explanation

A BIA documents the criticality, dependencies, recovery time objectives, and potential impacts of business processes. Any material change to those processes-such as a new service offering, a significant workflow change, or a key dependency shift-can invalidate existing BIA data and lead to inadequate or incorrect recovery planning. Technology updates (B) may or may not constitute a material process change and should be evaluated case by case. Senior management requests (C) are reactive and may come too late. A fixed two-year cycle (D) provides a minimum baseline but can leave the BIA stale between reviews if significant changes occur.

Topics

#Business Impact Analysis (BIA)#BIA Maintenance#Risk Assessment#Business Continuity Planning (BCP)

Community Discussion

No community discussion yet for this question.

Full CISM Practice Browse All CISM Questions