nerdexam
(ISC)2

CISSP · Question #1377

A bank failed to meet service-level agreements (SLA) with customers after suffering from a database failure of the transaction processing system (TPS) that resulted in delayed financial deposits. A re

The correct answer is B. Business impact analysis (BIA). A regulatory agency needs to review the Business Impact Analysis (BIA) document to determine if a database failure leading to SLA breaches and delayed deposits constitutes a material weakness, as the BIA quantifies the potential impact of such disruptions.

Submitted by diego_uy· Mar 5, 2026Security and Risk Management

Question

A bank failed to meet service-level agreements (SLA) with customers after suffering from a database failure of the transaction processing system (TPS) that resulted in delayed financial deposits. A regulatory agency overseeing the bank would like to determine if the cause of the delay was a material weakness. Which of the following documents is MOST relevant for the regulatory agency to review?

Options

  • ABusiness continuity plan (BCP)
  • BBusiness impact analysis (BIA)
  • CContinuity of Operations Plan (COOP)
  • DEnterprise resource planning (ERP)

How the community answered

(43 responses)
  • A
    14% (6)
  • B
    74% (32)
  • C
    7% (3)
  • D
    5% (2)

Why each option

A regulatory agency needs to review the Business Impact Analysis (BIA) document to determine if a database failure leading to SLA breaches and delayed deposits constitutes a material weakness, as the BIA quantifies the potential impact of such disruptions.

ABusiness continuity plan (BCP)

A Business Continuity Plan (BCP) outlines the procedures to restore critical business functions after a disruption has occurred, but it doesn't primarily serve to analyze or determine the extent of the impact that led to a material weakness, which is the BIA's purpose.

BBusiness impact analysis (BIA)Correct

A Business Impact Analysis (BIA) systematically identifies and evaluates the potential effects (financial, operational, reputational, regulatory) of the disruption of critical business functions and processes, like a transaction processing system. By reviewing the BIA, the regulatory agency can understand the pre-defined severity of the TPS database failure and determine if the bank's inability to meet SLAs constitutes a material weakness based on its own identified impacts and tolerances.

CContinuity of Operations Plan (COOP)

A Continuity of Operations Plan (COOP) is typically a government-focused plan for maintaining essential functions during emergencies, which is a narrower scope than a BIA for a private bank determining the material weakness of a specific IT system failure.

DEnterprise resource planning (ERP)

An Enterprise Resource Planning (ERP) system is an integrated software application used for managing daily business operations, not a document used for assessing the impact of system failures or determining material weaknesses.

Concept tested: Business Impact Analysis (BIA) in disaster recovery planning

Source: https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final

Topics

#business impact analysis#BIA#disaster recovery#regulatory compliance#material weakness

Community Discussion

No community discussion yet for this question.

Full CISSP Practice