BCR: Business Continuity Management and Operational Resilience

Controls

BCR-04: Business Continuity Planning

Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities.

BCR-05: Documentation

Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically.

BCR-07: Communication

Establish communication with stakeholders and participants in the course of business continuity and resilience procedures.

BCR-08: Backup

Periodically backup data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency.

BCR-09: Disaster Response Plan

Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes.

BCR-10: Response Plan Exercise

Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities.

BCR-11: Equipment Redundancy

Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards.