RSK-08
Business Impact Analysis (BIA)
Description
Mechanisms exist to conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks.
Control Question
Does the organization conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks?
Control Metadata
Domain:
Risk Management
Validation Cadence:
Annual
Evidence Request List:
E-CHG-01
Framework Mappings
This control maps to the following compliance frameworks
APRA CPS234
21(d)
MAS TRM
5.1.3, 5.3.3
HKIA GL20
1.1, 1.2, 1.3, 1.4, 1.5, 2.1, 2.2, 2.3
