CISSP · Question #1377
A bank failed to meet service-level agreements (SLA) with customers after suffering from a database failure of the transaction processing system (TPS) that resulted in delayed financial deposits. A re
The correct answer is B. Business impact analysis (BIA). A regulatory agency needs to review the Business Impact Analysis (BIA) document to determine if a database failure leading to SLA breaches and delayed deposits constitutes a material weakness, as the BIA quantifies the potential impact of such disruptions.
Question
A bank failed to meet service-level agreements (SLA) with customers after suffering from a database failure of the transaction processing system (TPS) that resulted in delayed financial deposits. A regulatory agency overseeing the bank would like to determine if the cause of the delay was a material weakness. Which of the following documents is MOST relevant for the regulatory agency to review?
Options
- ABusiness continuity plan (BCP)
- BBusiness impact analysis (BIA)
- CContinuity of Operations Plan (COOP)
- DEnterprise resource planning (ERP)
How the community answered
(43 responses)- A14% (6)
- B74% (32)
- C7% (3)
- D5% (2)
Why each option
A regulatory agency needs to review the Business Impact Analysis (BIA) document to determine if a database failure leading to SLA breaches and delayed deposits constitutes a material weakness, as the BIA quantifies the potential impact of such disruptions.
A Business Continuity Plan (BCP) outlines the procedures to restore critical business functions after a disruption has occurred, but it doesn't primarily serve to analyze or determine the extent of the impact that led to a material weakness, which is the BIA's purpose.
A Business Impact Analysis (BIA) systematically identifies and evaluates the potential effects (financial, operational, reputational, regulatory) of the disruption of critical business functions and processes, like a transaction processing system. By reviewing the BIA, the regulatory agency can understand the pre-defined severity of the TPS database failure and determine if the bank's inability to meet SLAs constitutes a material weakness based on its own identified impacts and tolerances.
A Continuity of Operations Plan (COOP) is typically a government-focused plan for maintaining essential functions during emergencies, which is a narrower scope than a BIA for a private bank determining the material weakness of a specific IT system failure.
An Enterprise Resource Planning (ERP) system is an integrated software application used for managing daily business operations, not a document used for assessing the impact of system failures or determining material weaknesses.
Concept tested: Business Impact Analysis (BIA) in disaster recovery planning
Source: https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
Topics
Community Discussion
No community discussion yet for this question.