Skip to main content

3.3 Resilience

No: NA Date(g): 1/1/2022 | Date(h): 28/5/1443 Status: In-Force
Control IDControl requirement description
3.3.1.The Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) should be defined, approved, communicated, implemented and periodically reviewed to enable the entities to continue delivering its critical services, at an acceptable pre-defined level.
3.3.2.Entities should define and implement its backup and restoration requirements considering the following, but not limited to:
 a.legal and regulatory requirements;
 b.Critical and customer data;
 c.business requirements;
 d.schedule of the backup (daily, weekly, monthly, etc.);
 e.protection of confidential data stored in back up media through applying encryption techniques;
 f.storage of backup media offline or at an offsite location; and
 g.secure destruction of backup data.
 h.restoration tests.
Ref. to other SAMA Framework(s)
Business Continuity Management Framework
- 2.5 Business Continuity Plan
- 2.6 Disaster Recovery Plan
- 2.7 Cyber Resilience