Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically.
The documentation should include but is not limited to:
- Administrator and user guides
- Database backup and replication guidelines
- Architecture diagrams
- Incident playbooks
Documentation availability is intended to support successful continuity of the following activities:
- Configuring, installing, deploying changes, and operating the system and/or infrastructure.
- Effectively using the system’s security and business continuity features.
- Using system automation and structured playbooks where available for fast incident recovery.
The documentation should be interconnected and comparable.
- Examine the process for determining the documentation required to support business continuity and operational resilience.
- Examine the process for developing or acquiring such documentation and maintaining its currency.
- Evaluate the process and implementation of identifying stakeholders and making documentation available.
- Examine the policy and procedures for evidence of review.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.