Isaca Certified in Risk and Information Systems Control CRISC Question # 108 Topic 11 Discussion
Which of the following is a risk practitioner's BEST recommendation regarding disaster recovery management (DRM) for Software as a Service (SaaS) providers?
A. Conduct incremental backups of data in the SaaS environment to a local data center.
B. Implement segregation of duties between multiple SaaS solution providers.
C. Codify availability requirements in the SaaS provider's contract.
D. Conduct performance benchmarking against other SaaS service providers.
Availability requirements specify the expected level of service and the consequences of non-compliance. They are essential for ensuring that the SaaS provider can meet the business continuity and disaster recovery needs of the customer. Codifying them in the contract creates a clear and enforceable agreement that protects both parties.