>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

BC-04Continuity Testing

>Control Description

Organization performs business contingency and disaster recovery tests on a periodic basis and ensures the following: • tests are executed with relevant contingency teams • test results are documented • corrective actions are taken for exceptions noted • plans are updated based on results

Theme

Process

Type

Detective

Policy/Standard

Business Continuity Policy

>Implementation Guidance

1. Ensure that Business Continuity testing should be performed on a periodic basis as per the organization policy. 2. The business continuity testing should emulate the Business Continuity Plan and should check the coverage and efficiency of the plan. All the relevant team preparedness should be assessed in this testing. 3. Ensure that the test results are documented, and any exceptions are noted and appropriate corrective action is undertaken.

>Testing Procedure

1. Inspect whether Business Continuity Testing was performed on a periodic basis as per the organization's policy. 2. Inspect the most recent BCP test and inspect DR tests results to determine whether tests were executed and results were documented. 3. Validate whether the results of the testing exercises were tracked to remediation.

>Audit Artifacts

E-BC-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
5

RC.IM-2
PR.IP-9
PR.IP-10
ID.SC-5
PR.PT-5

ISO 27002:2022
1

5.3

FedRAMP Rev 5
2

CP-04
CP-04 (01)

PCI DSS
1

10.7.3

HIPAA Security Rule
4

164.308(a)(7)(ii)(B)
164.308(a)(7)(ii)(C)
164.308(a)(7)(ii)(D)
164.310(a)(2)(i)

SOC 2
2

CC7.5
A1.3

BSI C5
6

BCM-01
BCM-02
BCM-03
BCM-04
OPS-08
PS-02

TX-RAMP
1

CP-4

Ask AI

Configure your API key to use AI features.