After the security policy is written, inventories are crafted, and maps of the physical and logical layouts are drawn, what must be performed in order to allow for reasonable recovery in the event of a disaster years after initial implementation of the infrastructure?
A. Online access to procedures
B. Maintaining change documentation
C. Weekly backups stored on-site
D. Paper copies of policies
The correct answer is B.
Domain: 2.2. Once security policy and related documentation are established, it is essential to continue to maintain and update the documentation over the years. Out of date documentation is just as worthless as having no documentation.