DSS04.01 Define the Business Continuity Policy, Objectives, and Scope
Develop a framework to support enterprise-wide business continuity management with a consistent process. The objective of the framework is to assist in determining the required resilience of the infrastructure and to drive the development of disaster recovery and IT contingency plans.
The framework must address the organizational structure for continuity management, covering the roles, tasks and responsibilities of internal and external service providers, their management and their customers, and the rules and structures to document, test, and execute the disaster recovery and IT contingency plans. The plan must also address items such as the identification of critical resources, the monitoring, and reporting of the availability of critical resources, alternative processing, and the principles of backup and recovery.
Illustrative Controls and the TIBCO LogLogic Solution
Policies and procedures addressing backup and restoration activities must be documented, communicated, and updated to ensure guidance reflects current business conditions.
To satisfy this control objective, all policies and procedures must be accessed, reviewed, and updated periodically by appropriate users. Lack of access to these policies and procedures must indicate that they have not been regularly reviewed and updated.
Verify that IT Continuity Framework documents have been reviewed periodically by authorized personnel.
Reports and Filter Bloks
Use the following link or reference to see the DSS04.01 control reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.