BCR-09: Impact Analysis

Next Version:

Info icon.

The next version of the control set incorporates all or part of this control into: BCR-03: Business Continuity Strategy.

Control Statement

There shall be a defined and documented method for determining the impact of any disruption to the organization (cloud provider, cloud consumer) that must incorporate the following:

  • Identify critical products and services
  • Identify all dependencies, including processes, applications, business partners, and third party service providers
  • Understand threats to critical products and services
  • Determine impacts resulting from planned or unplanned disruptions and how these vary over time
  • Establish the maximum tolerable period for disruption
  • Establish priorities for recovery
  • Establish recovery time objectives for resumption of critical products and services within their maximum tolerable period of disruption
  • Estimate the resources required for resumption

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.