
2.7 Cyber Resilience

No: 381000058504 Date(g): 28/2/2017 | Date(h): 2/6/1438

Effective from Feb 28 2017 - Feb 27 2017

Principle 
 
The Member Organization should ensure that critical services, business functions and processes run on reliable and robust infrastructure and software. 
 
Objective 
 
To ensure that the Member Organization's critical services, business functions and processes are available when required and resistant to disruptions.
 
Control considerations 
 
1. All changes to the infrastructure and software, which directly support the identified critical services, business functions and processes, should:
 
 a. Be subject to in-depth risk assessments to ensure the agreed business requirements regarding availability and recovery are met.
 
 b. Follow strict development, testing and change management procedures to avoid single points of failure or malfunctioning.
 
2. A periodic architectural review should be defined and approved to ensure the business requirements regarding availability and business continuity are being correctly addressed and implemented.
 
 Note. For more control considerations to improve the overall resilience, e.g., threat management, vulnerability management, please refer to the Saudi Central Bank - Cyber Security Framework.