Controls

Version

SB.4.003 Business continuity management

Crisis & Incident Response
High
High
High
Organisation
v2.0 (Q1 2024)

A business continuity plan (BCP) exists for potential disaster scenarios that could affect the critical processes.

The business continuity plan is reviewed at least annually.

The business continuity plan is tested periodically.

Specification

The BCP needs to differentiate steps to restore minimal business functions for all critical processes (this can include using the processes or systems of other organisations to continue primary processes).

Testing of the BCP can be done through tabletop exercises, simulations or a full test. It is recommended to test the BCP at least once every 2 years.

ISO 27001 & 27002:2022

A5.5, A5.6, A5.29, A5.30

SURF information security assessment framework (NBA maturity model)

BC.01 Business continuity planning
BC.02 Testing of disaster recovery
BC.05 Crisis management