+BCM-03 Business Continuity Plans
---+BCM-03.01B
---+BCM-03.02B
---+BCM-03 Supplementary Information - Complementary Customer Criteria
|
1. Übersicht
BCM-03 Business Continuity Plans
-
| Bezeichnung |
Standard |
|
BCM-03.01B
|
Based on the results of the business impact analysis, business continuity plans are documented in a consistent manner, and in accordance with applicable policies and procedures.
Business continuity plans take the following aspects into account:
1. Defined purpose and scope with consideration of the relevant dependencies;
2. Accessibility and comprehensibility of the plans for persons who are to act accordingly;
3. Ownership by at least one designated person responsible for review, updating and approval;
4. Defined communication channels, roles and responsibilities including notification of the customer;
5. Recovery procedures, manual interim solutions and reference information (taking into account prioritisation in the recovery of cloud hardware objects and services and alignment with customers);
6. Methods for putting the plans into effect;
7. Continuous process improvement;
8. Consistency over all locations, zones, regions and partitions; and
9. Interfaces to Security Incident Management.
Although different partitions do not share a common IAM (and hence no common personnel for BCM), business continuity plans may be shared between different partitions since the same cloud services are provided.
|
|
BCM-03.02B
|
The business continuity plans are reviewed at regular intervals, at least once a year, or after significant organisational or environment-related changes.
Although different partitions do not share a common IAM (and hence no common personnel for BCM), business continuity plans may be shared between different partitions since the same cloud services are provided.
|
|
BCM-03 Supplementary Information - Complementary Customer Criteria
|
Cloud service customers ensure with suitable controls that the results of their business impact analysis are sufficiently considered when planning the operational continuity and the business plan in order to provide for the effects of a failure of the cloud service or cloud service provider.
Cloud service customers ensure with suitable controls that the availability of the cloud service, its recovery time according to the BCM plan and the data loss of the cloud service are consistent with their own availability requirements and tolerable data loss.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|