+BCM-03.01B

1. Übersicht

BCM-03.01B

Based on the results of the business impact analysis, business continuity plans are documented in a consistent manner, and in accordance with applicable policies and procedures.

Business continuity plans take the following aspects into account:

1. Defined purpose and scope with consideration of the relevant dependencies;
2. Accessibility and comprehensibility of the plans for persons who are to act accordingly;
3. Ownership by at least one designated person responsible for review, updating and approval;
4. Defined communication channels, roles and responsibilities including notification of the customer;
5. Recovery procedures, manual interim solutions and reference information (taking into account prioritisation in the recovery of cloud hardware objects and services and alignment with customers);
6. Methods for putting the plans into effect;
7. Continuous process improvement;
8. Consistency over all locations, zones, regions and partitions; and
9. Interfaces to Security Incident Management.

Although different partitions do not share a common IAM (and hence no common personnel for BCM), business continuity plans may be shared between different partitions since the same cloud services are provided.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html