Business Continuity Professional Exam Prep

Category - Exercise & Maintenance

A health care company realizes that their standard for losing no more than two hours of data in the event of a major emergency is not in compliance with federal regulations on patient data.

What should be the immediate-term action for the IT management and Board members responsible for disaster management?

  A. Focus on upgrading infrastructure and prepare a new IT plan.
  B. Communicate to stakeholders that the RTO (recovery time objective) is compromised.
  C. Modify the RPO (recovery point objective) and work with stakeholders to assess/communicate the impact.
  D. All of the above.
  E. Do nothing.

Explanation

Answer: C. The case presented describes a situation where the organization's recovery point objective is not compliant with a federal regulation.

An infrastructure upgrade (Option A) is a medium/long-term mitigation plan, but it does not immediately address the non-compliance issue.

RTO (Option B) is not impacted as explained in the case.

Key takeaway: The case represents a situation where a planning exercise has missed a critical continuity requirement. In such cases, it is important that all stakeholders are informed. The plan must also be modified to capture the change.
