BCR-01: Business Continuity Planning

Next Version:

Info icon.

The next version of the control set incorporates all or part of this control into: BCR-05: Documentation, BCR-07: Communication.

Control Statement

A consistent unified framework for business continuity planning and plan development shall be established, documented, and adopted to ensure all business continuity plans are consistent in addressing priorities for testing, maintenance, and information security requirements.

Requirements for business continuity plans include the following:

  • Defined purpose and scope, aligned with relevant dependencies
  • Accessible to and understood by those who will use them
  • Owned by a named person(s) who is responsible for their review, update, and approval
  • Defined lines of communication, roles, and responsibilities
  • Detailed recovery procedures, manual work-around, and reference information
  • Method for plan invocation

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.