CP-7(1): Separation from Primary Site

Control Family:

Contingency Planning

CSF v1.1 References:

CSF v2.0 References:

Threats Addressed:

Baselines:

  • Moderate
  • High

Previous Version:

Control Statement

Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.

Supplemental Guidance

Threats that affect alternate processing sites are defined in organizational assessments of risk and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.