CRISC Question #580: Real Exam Question with Answer & Explanation

Question

An organization is subject to a new regulation that requires nearly real-time recovery of its services following a disruption. Which of the following is the BEST way to manage the risk in this situation?

Options

• AMove redundant IT infrastructure to a closer location.
• BObtain insurance and ensure sufficient funds are available for disaster recovery.
• CReview the business continuity plan (BCP) and align it with the new business needs.
• DOutsource disaster recovery services to a third-party IT service provider.

Explanation

To meet a new regulation requiring nearly real-time recovery, the organization must prioritize reviewing and updating its Business Continuity Plan (BCP) to align recovery strategies and capabilities with these stringent new requirements.

Common mistakes.

• A. Moving redundant infrastructure closer might reduce latency and aid recovery, but it is a specific tactic that would be determined after reviewing and updating the overall BCP to define the new RTO/RPO.
• B. Obtaining insurance and funds is a financial risk transfer/acceptance strategy, not a way to achieve nearly real-time technical recovery of services.
• D. Outsourcing disaster recovery might be a component of the new BCP, but the best way to manage the risk is to first understand the full scope of the new requirements and plan accordingly within the BCP, rather than immediately jump to outsourcing as the primary solution.

Concept tested. Regulatory impact on BCP/DR

Reference. https://learn.microsoft.com/en-us/azure/architecture/framework/resiliency/business-continuity-disaster-recovery

No community discussion yet for this question.