IVS-02: Capacity and Resource Planning

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

Plan and monitor the availability, quality, and adequate capacity of resources in order to deliver the required system performance as determined by the business.

Implementation Guidance

Projections of future capacity requirements should be made regularly (at least annually—with proactive actions taken—to mitigate risks of system overload or downtime due to overwhelming demand or increased workloads. Cloud service providers should maximize resource utilization and optimize resource allocation to ensure adequate performance is delivered in line with the promised capacity. Cloud service consumers should specify performance and resource requirements in line with the business objectives.

Auditing Guidance

  1. Determine if the business requirements for system performance are available.
  2. Determine if evidence exists that points to planning and monitoring of the availability, quality and capacity of resources.
  3. Determine if evidence exists that establishes that the plan is appropriate and adequate to meet the expectations of the business requirements established in the first guideline.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.