Business continuity planning for customer-facing AI solutions must ensure service availability and resilience under failure conditions. The BCP must specify the technical and operational mechanisms that maintain service continuity when primary systems are disrupted.
Why B is Correct: The ISACA AAIR business continuity guidance identifies secure access to alternate resources, multi-region failover, and load balancing as the most important additions to a BCP for customer-facing AI. These mechanisms ensure that service disruptions—whether from technical failures, cyber incidents, or regional outages—do not result in total unavailability. For customer-facing solutions, maintaining service continuity directly affects customer trust, revenue, and regulatory compliance with service availability obligations.
Why A is Wrong: Post-incident audits of recovery times and accuracy metrics are monitoring activities that occur after incidents. While valuable for improvement planning, they do not define the recovery mechanisms that the BCP must specify to ensure continuity during disruptions.
Why C is Wrong: Centralizing failover under a single cloud provider creates a concentration risk—if that provider experiences an outage, all failover mechanisms fail simultaneously. Good BCP design requires geographic and provider diversification, not concentration.
Why D is Wrong: Breach containment criteria address security incident response, not service continuity. While related to incident management, breach response procedures are typically documented in the incident response plan rather than the BCP, which focuses on maintaining or restoring business operations.