BCR-09: Disaster Response Plan

CSF v1.1 References:

PF v1.0 References:

Control is new to this version of the control set.

Control Statement

Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes.

Implementation Guidance

The response plan should include the ability to protect systems—including the physical environment when possible—from inadvertent unauthorized access during an emergency. The response plan should include the following when describing environmental threats/natural disasters: fires, medical emergencies, tornadoes, hurricanes, flooding, earthquakes, and other natural disasters. Civil disturbances can include disgruntled employees/contractors/customers, terrorist attacks, biological attacks, and airborne agents. Emergency authorities can include first responders and other law enforcement entities.

Auditing Guidance

  1. Examine the policy and procedures for adequacy, approval, communication, and effectiveness as applicable to a disaster response plan.
  2. Examine the policy and procedures for evidence of review upon significant changes or at least annually.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.