A consistent unified framework for business continuity planning and plan development shall be established, documented, and adopted to ensure all business continuity plans are consistent in addressing priorities for testing, maintenance, and information security requirements.
Requirements for business continuity plans include the following:
- Defined purpose and scope, aligned with relevant dependencies
- Accessible to and understood by those who will use them
- Owned by a named person(s) who is responsible for their review, update, and approval
- Defined lines of communication, roles, and responsibilities
- Detailed recovery procedures, manual work-around, and reference information
- Method for plan invocation
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.