ExamGecko
Search Search Login
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?
In a sample metric template, what does ''target'' mean?
An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?
Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?
Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
When a data breach incident has occurred. the first priority is to determine?
Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 72 - CIPM discussion

Report
Export

An organization's business continuity plan or disaster recovery plan does NOT typically include what?

A.

Recovery time objectives.

Answers
A.

Recovery time objectives.

B.

Emergency response guidelines.

Answers
B.

Emergency response guidelines.

C.

Statement of organizational responsibilities.

Answers
C.

Statement of organizational responsibilities.

D.

Retention schedule for storage and destruction of information.

Answers
D.

Retention schedule for storage and destruction of information.

Suggested answer: D

Explanation:

An organization's business continuity plan or disaster recovery plan does not typically include a retention schedule for storage and destruction of information. A retention schedule is a document that specifies how long different types of information should be kept by an organization before they are disposed of or destroyed. A retention schedule is usually based on legal, regulatory, operational, historical, or archival requirements. A retention schedule is part of an organization's information governance or records management policy, not its business continuity or disaster recovery plan.

A business continuity plan (BCP) is a document that outlines how an organization will continue its critical functions and operations in the event of a disruption or disaster. A BCP usually includes:

Contact information and service level agreements (SLAs) for key personnel, stakeholders, providers, backup site operators, etc.

Business impact analysis (BIA) that identifies the potential impacts of disruption on all aspects of the business, such as financial, legal, reputational, etc.

Risk assessment that identifies and evaluates the likelihood and severity of various threats and vulnerabilities that could cause disruption or disaster.

Identification of critical functions that are essential for the survival and recovery of the business.

Communications plan that specifies how to communicate with internal and external parties during and after a disruption or disaster.

Testing plan that specifies how to test and update the BCP regularly to ensure its effectiveness and validity.

A disaster recovery plan (DRP) is a document that outlines how an organization will restore its IT systems, data, applications, and infrastructure in the event of a disruption or disaster. A DRP usually includes:

Recovery time objectives (RTOs) that specify how quickly each IT system or service needs to be restored after a disruption or disaster.

Recovery point objectives (RPOs) that specify how much data loss is acceptable for each IT system or service after a disruption or disaster.

Emergency response guidelines that specify how to respond to and contain a disruption or disaster, such as activating the DRP, declaring a disaster, notifying the stakeholders, etc.

Statement of organizational responsibilities that specifies who is responsible for what tasks and roles during and after a disruption or disaster, such as initiating the DRP, executing the recovery procedures, restoring the IT systems or services, etc.

Recovery procedures that specify how to recover each IT system or service from backup sources, such as backup tapes, disks, cloud services, etc.

Testing plan that specifies how to test and update the DRP regularly to ensure its effectiveness and validity.Reference:[Business Continuity Plan (BCP) Definition]; [Disaster Recovery Plan (DRP) Definition]

Show Answer
asked 22/11/2024
Emily Luijten
46 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms