Filter

Business Continuity Management and Operational Resilience (BCR)

Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes.


Login

Business Continuity Management and Operational Resilience (BCR)

Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities.


Login

Business Continuity Management and Operational Resilience (BCR)

Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards.


Login

Change Control and Configuration Management (CCC)

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually.


Login

Change Control and Configuration Management (CCC)

Level N/A

Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards.


Login

Change Control and Configuration Management (CCC)

Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced).


Login

Change Control and Configuration Management (CCC)

Restrict the unauthorized addition, removal, update, and management of organization assets.


Login

Change Control and Configuration Management (CCC)

Level N/A

Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs.


Login

Change Control and Configuration Management (CCC)

Establish change management baselines for all relevant authorized changes on organization assets.


Login

Change Control and Configuration Management (CCC)

Implement detection measures with proactive notification in case of changes deviating from the established baseline.


Login