Skip to Content

ISACA CISA: Verifying Offsite Backups Critical in Disaster Recovery Audit

IS auditors should prioritize confirming regular data backups and their secure offsite storage when auditing an organization’s disaster recovery preparations.

Question

Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

A. The disaster recovery plan (DRP) is updated on a regular basis.
B. Roles and responsibilities are documented.
C. Regular backups are made and stored offsite.
D. Tabletop disaster recovery tests are conducted.

Answer

C. Regular backups are made and stored offsite.

Explanation

The most important thing for an IS auditor to verify during a disaster recovery audit is that regular backups are made and stored offsite.

Backups stored offsite enable recovery when production systems are inaccessible after a disaster. Restoring data is impossible without recent offsite backups. Their absence represents a major vulnerability, even if other preparations like tests and documentation are sound.

By verifying offline backups occur as defined in policies and procedures, IS auditors validate the most fundamental component facilitating system and data restoration post-crisis. Confirming their secure transportation and storage tests contingency mechanisms protecting these critical assets as well. This makes offsite backup evaluation a priority in any disaster recovery audit.

Reference

Isaca Certified Information Systems Auditor CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Systems Auditor CISA exam and earn Isaca Certified Information Systems Auditor CISA certification.