Effective from Jan 01 2022 - Dec 31 2021 To view other versions open the versions tab on the right
Control ID
Control requirement description
3.3.1.
The Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) should be defined, approved, communicated, implemented and periodically reviewed to enable the entities to continue delivering its critical services, at an acceptable pre-defined level.
3.3.2.
Entities should define and implement its backup and restoration requirements considering the following, but not limited to:
a.
legal and regulatory requirements;
b.
Critical and customer data;
c.
business requirements;
d.
schedule of the backup (daily, weekly, monthly, etc.);
e.
protection of confidential data stored in back up media through applying encryption techniques;
f.
storage of backup media offline or at an offsite location; and
