Establish and implement strategies and capabilities for secure, standardized, and compliant application deployment. Automate where possible.
Define and implement a process to remediate application security vulnerabilities, automating remediation when possible.
Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually.
Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resilience strategies and capabilities.
Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite.
Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities.
Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically.
Exercise and test business continuity and operational resilience plans at least annually or upon significant changes.
Establish communication with stakeholders and participants in the course of business continuity and resilience procedures.
Periodically back up data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency.