Incorrect Statement about IT Contingency Plan Maintenance

B.

Because the contingency plan contains potentially sensitive operational and personnel information, its distribution should be marked accordingly and controlled.

Not all employees would obtain a copy, but only those involved in the execution of the plan.

All other statements are correct.

NOTE FROM CLEMENT: I have received multiple emails stating the explanations contradict the correct answer.It seems many people have a hard time with negative question.In this case the Incorrect choice (the one that is not true) is the correct choice.Be very carefull of such questions, you will get some on the real exam as well.

Reference(s) used for this question: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems.

The correct answer is option D: Copies of the plan should be provided to recovery personnel for storage offline at home and office.

Explanation: An IT contingency plan is a documented set of procedures and instructions designed to prepare an organization to respond to an unexpected event that could disrupt or compromise its normal operations. The plan should be maintained and updated regularly to ensure that it is accurate and effective.

Option A is correct, as the plan should be reviewed at least once a year to ensure that it remains accurate and up-to-date. This is essential to ensure that the plan reflects any changes in the organization's operations, infrastructure, or resources.

Option B is also correct, as it is important to ensure that every employee has access to an up-to-date copy of the plan. This will help ensure that everyone knows what to do in the event of an emergency, and will help to minimize confusion and mistakes.

Option C is also correct, as strict version control should be maintained to ensure that everyone is working from the same version of the plan. This is important to ensure that everyone is following the same procedures, and to prevent errors or confusion that could arise from using different versions of the plan.

Option D is incorrect, however, as copies of the plan should not be provided to recovery personnel for storage offline at home and office. The plan should be kept in a secure, centralized location to ensure that it is protected from unauthorized access and to prevent it from being lost or damaged. Providing copies of the plan to recovery personnel for storage offline could lead to the plan being lost or stolen, and could compromise the security and confidentiality of the plan.

In summary, it is important to maintain and update an IT contingency plan regularly, ensure that every employee has access to an up-to-date copy of the plan, maintain strict version control, and keep the plan in a secure, centralized location.