
CRISC · Question #442

CRISC Question #442: Real Exam Question with Answer & Explanation

The correct answer is C: Codify availability requirements in the SaaS provider's contract. For Software as a Service (SaaS) disaster recovery, the best recommendation is to legally bind the provider to specific availability requirements within the contract.

Submitted by salim_om · Apr 18, 2026 · Governance

Question

Which of the following is a risk practitioner's BEST recommendation regarding disaster recovery management (DRM) for Software as a Service (SaaS) providers?

Options

  • A. Conduct incremental backups of data in the SaaS environment to a local data center.
  • B. Implement segregation of duties between multiple SaaS solution providers.
  • C. Codify availability requirements in the SaaS provider's contract.
  • D. Conduct performance benchmarking against other SaaS service providers.

Explanation

For Software as a Service (SaaS) disaster recovery, the best recommendation is to legally bind the provider to specific availability requirements within the contract.

Common mistakes.

  • A. Conducting incremental backups from a SaaS environment to a local data center might not be feasible for all SaaS solutions and doesn't guarantee service availability.
  • B. Implementing segregation of duties relates to internal controls within an organization, not directly to a SaaS provider's disaster recovery capabilities.
  • D. Performance benchmarking evaluates current service quality but does not guarantee or enforce disaster recovery capabilities during an actual disaster.

Concept tested. SaaS disaster recovery contractual agreements

Reference. https://learn.microsoft.com/en-us/azure/architecture/guide/disaster-recovery/dr-considerations-saas-paas

Topics

#SaaS Risk Management #Contract Management #Third-Party Risk #Disaster Recovery
