Backup Intervals of Critical Systems

A.

When reviewing backup policies, an IS auditor must ensure that critical systems are being backed up at appropriate intervals. The backup interval refers to the frequency at which backups are performed. It is important to ensure that backups are performed frequently enough to meet the organization's recovery objectives in the event of a disaster.

Of the answer choices provided, the backup interval should not exceed the Recovery Point Objective (RPO). RPO refers to the maximum amount of data loss that is acceptable for a system or application in the event of a disruption. For example, if an organization has an RPO of one hour, this means that it is acceptable to lose up to one hour's worth of data in the event of a disruption.

By ensuring that backup intervals do not exceed the RPO, an organization can ensure that it can recover data up to the point of failure without exceeding its acceptable RPO. If backups are performed less frequently than the RPO, it could result in unacceptable data loss.

Recovery Time Objective (RTO) refers to the maximum amount of time that is acceptable for a system or application to be offline in the event of a disruption. While RTO is important to consider when developing a disaster recovery plan, it is not directly related to backup intervals.

Service Level Objective (SLO) refers to the level of service that an organization is committed to providing to its customers. SLOs may include metrics such as uptime, response time, or availability. While SLOs are important to consider when providing services, they are not directly related to backup intervals.

Maximum Acceptable Outage (MAO) refers to the maximum amount of time that a system or application can be offline before it has a significant impact on the organization. While MAO is important to consider when developing a disaster recovery plan, it is not directly related to backup intervals.

Therefore, the answer is A. Recovery Point Objective (RPO).