A business contuinity plan (BCP) exists for potential disaster scenario’s that could affect the critical processes.
The business contuinity plan is reviewed at least annually.
The business continuity plan is tested periodically.
Specification
The BCP needs to differentiate steps to restore minimal business functions for all critical processes (this can include using the processes or systems of other organisations to continue primary processes).
Testing of the BCP can be done through tabletop exercises, simulations or a full test. It is recommended to test the BCP at least once every 2 years.
ISO 27001 & 27002:2022
A5.5,
A5.6,
A5.29,
A5.30
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
BC.01 Bedrijfscontinuïteitsplanning
BC.02 Testen van Disaster recovery
BC.05 Crisismanagement