BIZOPS-5 Disaster Recovery Plan

What is BIZOPS-5 Disaster Recovery Plan Control?

The BIZOPS-5 Disaster Recovery Plan talks about any organization that is prone to unforeseen events, and to remain resilient during such events requires some organization and preparation. In writing a disaster recovery plan (DRP) document, the exercise of “what if” scenarios must be contemplated, and resolution solutions must be anticipated and documented.

There are many methodologies out there. However, there are no formal requirements other than a logical step-by-step plan for the resolution of any issues that an unforeseen event would cause. TrustCloud provides an out-of-the-box policy that can be augmented to meet an organization’s specific needs.

Available tools in the marketplace

Tools

No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

• Best practice from NIST in documenting a DRP  (National Institute of Standards and Technology)
• TrustCloud Disaster Recovery Plan template

Control implementation

NOTE: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefits of automation.

To implement this control manually,

Document a disaster recovery plan that includes:

• Business impact analysis
• Disaster recovery metrics
• Disaster recovery plan
• Recovery playbook

Review the policy at least annually.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

• Provide the most recent and updated disaster recovery procedures.

Evidence example

For the suggested action, an example is provided below:

• Provide disaster recovery procedures.

The following TrustCloud Disaster Recovery Plan template is shown as an example.