BCR-10: Policy

CSF v1.1 References:

PF v1.0 References:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: BCR-01: Business Continuity Management Policy and Procedures, BCR-03: Business Continuity Strategy.

Control Statement

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for appropriate IT governance and service management to ensure appropriate planning, delivery, and support of the organization’s IT capabilities supporting business functions, workforce, and/or customers based on industry acceptable standards (i.e., ITIL v4 and COBIT 5). Additionally, policies and procedures shall include defined roles and responsibilities supported by regular workforce training.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.