December 17, 2021 by Admin
While reviewing an organization’s business continuity plan (BCP), an IS auditor observes that a recently developed application is not included. The IS auditor should:
- ensure that the criticality of the application is determined.
- ignore the observation as the application is not mission critical.
- include in the audit findings that the BCP is incomplete.
- recommend that the application be incorporated in the BCP.