|
+BCM-02.01B |
1. ÜbersichtBCM-02.01BThe cloud service provider performs a Business Impact Analysis (BIA). In this BIA, the cloud service provider analyses the impact of disrupting activities to its organisation with respect the development and operations of the cloud service in accordance with applicable policies and procedures with at least the following aspects:1. Possible scenarios based on a risk assessment that includes cybersecurity risks; 2. Identification of critical products and services; 3. Identification of dependencies, including processes (including resources required), applications, business partners and third parties; 4. Capturing threats to critical products and services; 5. Identification of effects resulting from planned and unplanned outages, service degradations and changes over time; 6. Determination of the maximum tolerable period of downtime and service degregation; 7. Identification of restoration priorities; 8. Determination of time targets for the resumption of critical products and services within the maximum acceptable time period (i.e. RTO); 9. Determination of time targets for the maximum reasonable period during which cloud service derived data, cloud service provider data, account data and, if its processing is contractually agreed upon, cloud service customer data can be lost and not recovered (i.e. RPO); and 10. Estimation of the resources needed for resumption. Scenarios to be considered according to the basic criterion are, for example, the loss of personnel, buildings, infrastructure and service providers.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|