A consistent unified framework for business continuity planning and plan development shall be established, documented, and adopted to ensure all business continuity plans are consistent in addressing priorities for testing, maintenance, and information security requirements.
Requirements for business continuity plans include the following:
- Defined purpose and scope, aligned with relevant dependencies
- Accessible to and understood by those who will use them
- Owned by a named person(s) who is responsible for their review, update, and approval
- Defined lines of communication, roles, and responsibilities
- Detailed recovery procedures, manual work-around, and reference information
- Method for plan invocation