Business Continuity Mgmt & Op Resilience
BCR domain controls.
Business Continuity Management Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures.
Risk Assessment and Impact Analysis
Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resiliency strategies and capabilities.
Business Continuity Strategy
Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite.
Business Continuity Planning
Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan.
Documentation
Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs.
Business Continuity Exercises
Exercise and test business continuity and operational resilience plans at least annually or upon significant changes.
Communication
Establish communication with stakeholders and participants in the course of business continuity and resilience procedures.
Backup
Periodically backup data stored in the cloud and verify the recovery of data.
Disaster Response Plan
Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters.
Response Plan Exercise
Exercise the disaster response plan annually or upon significant changes.
Equipment Redundancy
Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance.