Business Continuity Management Policy and Procedures from Cloud Controls Matrix framework

SAMMY works best on screens 1024px wide or larger.

Audit and Assurance
Application and Interface Security
Business Continuity Management and Operational Resilience
Change Management Policy and Procedures
People
Datacenter Security
Data Security and Privacy Lifecycle Management
Governance, Risk and Compliance
Human Resources
Identity and Access Management
Interoperability and Portability
Infrastructure and Virtualization Security
Logging and Monitoring
Security Incident Management, E-Discovery, and Cloud Forensics
Supply Chain Management, Transparency, and Accountability
Threat and Vulnerability Management
Universal Endpoint Management

BCR-01: Business Continuity Management Policy and Procedures

Business Continuity Management Policy and Procedures

BCR-01: Are business continuity management and operational resilience policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained?

The policies should include defined roles and responsibilities supported by regular workforce training.

The policies should:
a. Be appropriate to the organization’s purpose.
b. Provide a framework for setting business continuity objectives.
c. Include a commitment to satisfy applicable requirements and continual improvement.
d. Include organizational risk appetite and tolerance to facilitate appropriate planning, delivery, and support of capabilities in the event of a business disruption.
e. Take guidance from industry standards, such as ISO 22300.

Description

Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually.

Business Continuity Management Policy and Procedures

BCR-01: Are the policies and procedures reviewed and updated at least annually?

The policies should include defined roles and responsibilities supported by regular workforce training.