BCR-11: Retention Policy

Control Family:

Business Continuity Management & Operational Resilience

CSF v1.1 References:

PR.DS-4
PR.IP-4
PR.IP-9

PF v1.0 References:

PR.PO-P3
PR.PO-P7
PR.DS-P4

Control Statement

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for defining and adhering to the retention period of any critical asset as per established policies and procedures, as well as applicable legal, statutory, or regulatory compliance obligations. Backup and recovery measures shall be incorporated as part of business continuity planning and tested accordingly for effectiveness.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4