+BCM-01 Business Continuity and Emergency Management System
---+BCM-01.01B
---+BCM-01.02B
---+BCM-01.03B
---+BCM-01.04B
|
1. Übersicht
BCM-01 Business Continuity and Emergency Management System
-
| Bezeichnung |
Standard |
|
BCM-01.01B
|
The cloud service provider operates a business continuity and emergency management system in accordance with ISO 22301 and/or BSI 200-4.
The basic criterion can (but need not) be fulfilled with a certification of the BCM according to ISO/IEC 22301.
|
|
BCM-01.02B
|
Policies and procedures for the cloud service's business continuity management, including strategy and guidelines, business impact analyses, and business continuity plans, are documented, communicated, and made available in accordance with SP-01 regarding the following aspects:
1. Goals of the BCM;
2. Roles and responsibilities, management commitment;
3. Scoping of the BCM, identifying relevant business processes;
4. Interfaces, in particular to Incident Management;
5. Communication with relevant entities and competent authorities;
6. Methodology;
7. Consideration of Risk;
8. Business Impact Analysis (BIA);
9. Business Continuity Plan (BCP);
10. Resource Planning (usually part of the BCP);
11. Testing of Business Continuity Plans and regular updates to BCM documentation; and
12. Continuous improvement of the Business Continuity Management.
Please note: BCM can be integrated into enterprise risk management (ERM) to gain more efficiency and overcome management silos.
|
|
BCM-01.03B
|
The top management (or a member of the top management) of the cloud service provider is named as the process owner of business continuity and emergency management and is responsible for establishing the process within the company as well as ensuring compliance with the guidelines. They ensure that sufficient resources are made available for an effective process.
The top management responsibility can be delegated from top management to another individual as long this individual has the scope, responsibilities and capabilities to influence the cloud-service-wide business continuity strategy and activities just as the top management could do.
|
|
BCM-01.04B
|
People in management and other relevant leadership positions demonstrate leadership and commitment to this issue by encouraging personnel to actively contribute to the effectiveness of continuity and emergency management.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|