the call center processes. Customers want you to do this type of exercise to ensure they are protected in case of an emergency and will often work with you. Question: 122 A health care company realizes that their standard for losing no more than two hours of data in the event of a major emergency is not in compliance with federal regulations on patient data. What should be the immediate term action for the IT management and Board members responsible for disaster management? A. A. Focus upgrading infrastructure and prepare a new IT plan. B. Communicate to stakeholders that the RTO ( recovery time objective recovery time objective ) is compromised. ) is compromised. C. Modify the RPO ( recovery point objective recovery point objective ) and work with stakeholders to assess/communicate the impact. ) and work with stakeholders to assess/communicate the impact. E. Do nothing. D. All of the above. Answer: C
The case presented describes a situation where the organization's recovery point objective is not compliant with a federal regulation. An infrastructure upgrade (Option A) is a medium/long term mitigation plan, but it does not immediately address the non-compliance issue. RTO (Option B) is not impacted as explained in the case. RTO (Option B) is not impacted as explained in the case. Key Takeaway: The case represents a situation where planning exercise has missed a critical continuity requirement. In such cases, it is important that all stakeholders informed. Also, the plan must also be modified to capture the change.
You've reached the end of your free preview.
Want to read all 7 pages?
- Fall '20
- A. Act, A. Carry, Disaster Recovery Institute, BCP Project Charter