Home » Pillars » RC.CC: Recovery Controls & Capabilities » RC.CC-3 Link Business Continuity and Recovery Controls

Description

Organisations must identify business continuity and recovery controls, and ensure the two work hand in hand, at least, collaboratively. It is not uncommon for organizations to have separate business continuity stakeholders, controls and arrangements different to those that exist for cyber recovery and resilience; however, where possible, it is important to identify the relationship between the two, and knowing that most cyber recovery activities will require business continuity efforts. For example, it is a business continuity measure/mandate to have backup sites and facilities, and equally, when a cyber incident occurs that impacts one site or facility, then cyber recovery will require the backup sites and facilities to be utilized. Hence, to achieve better efficiencies and effectiveness, it is essential that business continuity and cyber recovery arrangements are collaborative.