Business Continuity Planning
Provide information security advice to assist in the analysis of incidents and to ensure that data is secure before, during, and after the execution of the business continuity plan.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Business Continuity Planning at each level of maturity.
- 2Basic
- Practice
- Provide information security guidance for backup, archiving, and systems recovery for a number of key datasets and business-critical support systems.
- Outcome
- Business continuity plans include some consideration of security risks and incidents.
- Metrics
- # of specific business continuity issues for which security advice has been provided.
- # of outstanding requests for business continuity advice.
- 3Intermediate
- Practices
- Standardize information security guidance for most aspects of business continuity planning and testing.
- Test the security features of the business continuity plans.
- Outcomes
- Detailed information security guidance for most key aspects is implemented in the business continuity plans.
- The plans are security tested and revised based on any test issues identified.
- Metrics
- # of specific business continuity issues for which security advice has been provided.
- # of outstanding requests for business continuity advice.
- 4Advanced
- Practices
- Provide comprehensive information security guidance for all aspects of business continuity planning and testing.
- Test and review backup, archive, and systems recovery processes, tools, and practices.
- Outcomes
- Comprehensive information security guidance is implemented in the business continuity plans.
- Backup, archive, and systems recovery processes, tools, and practices improve incrementally.
- Metrics
- # of specific business continuity issues for which security advice has been provided.
- # of outstanding requests for business continuity advice.
- % of restorations within service level agreement limits.
- Frequency of test review cycle.
- # of improvements identified in recent tests.
- 5Optimized
- Practices
- Continually inform the business continuity plans with the latest recommendations from security agencies and vendors, and from emerging research.
- Regularly test the security features of the business continuity plans and implement improvements and corrections for any security issues or problems encountered in testing.
- Outcomes
- Backup, archive, and systems recovery processes, tools, and practices show evidence of continual improvement.
- Any issues identified in testing are rapidly corrected.
- Metrics
- # of updates to the business continuity plans per time period.
- % of restorations within service level agreement limits.
- Frequency of test review cycle.
- # of improvements identified in recent tests.