>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

BC-01Business Continuity Plan

>Control Description

Organization's business contingency plan is periodically reviewed, approved by management and communicated to relevant team members.

Theme

Process

Type

Preventive

Policy/Standard

Business Continuity Policy

>Implementation Guidance

1. Design and document a process for Business Continuity and Disaster Recovery. 2. Define steps for recovery with all roles and responsibilities in the Business Continuity Plan. 3. Ensure that the Business Continuity Plan is approved by the process owners, and is communicated to all the relevant team members.

>Testing Procedure

1. Inspect and validate whether the Business Continuity and Disaster Recovery Processes are designed and documented. 2. Inspect Organization's Business Continuity Plan ("BCP") to determine whether Organization has established recovery steps and phases, recovery capabilities, and identified personnel responsible to execute recovery procedures. 3. Inspect the most recent version of Organization's BCP to determine whether it is periodically reviewed and approved. 4. Inspect the corporate intranet to determine whether Organization's BCP is communicated to relevant team members.

>Audit Artifacts

E-BC-01
E-BC-02

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
1

RCIM-2

FedRAMP Rev 5
3

CP-01
CP-02
CP-02 (01)

HIPAA Security Rule
3

164.308(a)(7)(i)
164.308(a)(7)(ii)(B)
164.308(a)(7)(ii)(C)

SOC 2
1

CC7.5

BSI C5
4

BCM-01
BCM-02
BCM-03
BCM-04

TX-RAMP
2

CP-1
CP-2

Ask AI

Configure your API key to use AI features.