DS4.1 IT Continuity Framework
Develop a framework for IT continuity to support enterprise-wide business continuity management with a consistent process. The objective of the framework is to assist in determining the required resilience of the infrastructure and to drive the development of disaster recovery and IT contingency plans.
The framework should address the organizational structure for continuity management, covering the roles, tasks and responsibilities of internal and external service providers, their management and their customers, and the rules and structures to document, test and execute the disaster recovery and IT contingency plans. The plan should also address items such as the identification of critical resources, the monitoring and reporting of the availability of critical resources, alternative processing, and the principles of backup and recovery.
Illustrative Controls and the TIBCO LogLogic Solution
Policies and procedures addressing backup and restoration activities must be documented, communicated, and updated to ensure guidance reflects current business conditions.
To satisfy this control objective, all policies and procedures must be accessed, reviewed, and updated periodically by appropriate users. Lack of access to these policies and procedures must indicate that they have not been regularly reviewed and updated.
Verify that IT Continuity Framework documents have been reviewed periodically by authorized personnel.