A vendor service level agreement (SLA) requires backups to be physically secured.
An IS audit of the backup system revealed a number of the backup media were missing.
Which of the following should be the auditor's NEXT step?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The auditor has discovered that several backup media are missing from the backup system, which is in violation of the vendor's service level agreement (SLA) that requires backups to be physically secured. The auditor now needs to take the appropriate next steps.
Option A, recommending a review of the vendor's contract, may not be the most appropriate next step as it may not address the current issue of the missing backup media.
Option B, recommending identification of the data stored on the missing media, may be a good next step, as the missing media may contain sensitive information that could be potentially harmful if it falls into the wrong hands.
Option C, notifying executive management, is also a good next step, as it will inform them of the issue and enable them to take corrective action. Executive management will be able to assess the situation and determine what actions need to be taken to mitigate the risk of the missing media.
Option D, including the missing backup media finding in the audit report, is also a good next step, as it will provide management with a clear understanding of the issue and ensure that it is addressed in a timely manner.
Therefore, the most appropriate next step for the auditor would be to recommend both Option B and Option C. The auditor should recommend identifying the data stored on the missing media and notifying executive management to enable them to take corrective action. Additionally, the auditor should include the missing backup media finding in the audit report.