Commit 823e80d3 authored by Usha Swaminathan

Update BC.1.01_business_continuity_plan.html.md

parent 4bc59921
Pipeline #117708547 passed with stages
in 21 minutes and 14 seconds
......@@ -55,19 +55,28 @@ Based on the above, GitLab business continuity plan will have team and departmen
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the [Business Continuity Plan issue](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/issues/774) .
### Policy Reference
* [GitLab Business Continuity Plan in Handbook](https://about.gitlab.com/handbook/business-ops/gitlab-business-continuity-plan.html)
* [GitLab Disaster Recovery](https://about.gitlab.com/handbook/engineering/infrastructure/library/disaster-recovery/)
* [GitLab High Availability](https://about.gitlab.com/solutions/high-availability/)
* [GitLab Infra Epic for Geo](https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/1)
* [GitLab Handbook listing of DR for Databases](https://about.gitlab.com/handbook/engineering/infrastructure/database/disaster_recovery.html)
* [NIST Guidance on Business Continuity](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf)
* [PCI DSS v3.2.1 - Business Continuity Plan](https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1551196697261#page=113)
* [Geo and Disaster Recovery](/handbook/engineering/development/enablement/geo/)
* [DR Design](/handbook/engineering/infrastructure/library/disaster-recovery/#design)
* [DR for Databases](/handbook/engineering/infrastructure/database/disaster_recovery.html)
* [GitLab DR Design](/handbook/engineering/infrastructure/library/disaster-recovery/#design)
* [GitLab DR for Databases](/handbook/engineering/infrastructure/database/disaster_recovery.html)
## Framework Mapping
* ISO
* A.17.1.1
* A.17.1.2
* SOC2 CC
* CC7.5
* CC9.1
* SOC2 Availability
* A1.2
* PCI
* 12.10.1
- ISO
- `A.17.1.1` - The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.
- `A.17.1.2` - The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.
- SOC2 CC
- `CC7.5` - The entity identifies, develops, and implements activities to recover from identified security incidents.
- `CC9.1` - The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions.
- SOC2 Availability
- `A1.2` - The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.
- PCI
- `12.10.1` - Implement an incident response plan. Be prepared to respond immediately to a system breach.
\ No newline at end of file
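Review bot: The Policy Reference list carries the same targets more than once: `/handbook/engineering/infrastructure/library/disaster-recovery/#design` is linked as both "DR Design" and "GitLab DR Design", and `/handbook/engineering/infrastructure/database/disaster_recovery.html` as both "DR for Databases" and "GitLab DR for Databases", with the database page also present under its absolute URL as "GitLab Handbook listing of DR for Databases". The add/remove markers are not visible in this rendering, so if more than one entry per target survives in the resulting file, keep a single entry for each and use either absolute or relative handbook URLs consistently across the list. In Framework Mapping, the description given for `12.10.1` speaks only of incident response; add a clause stating how that requirement relates to the business continuity plan so the mapping explains itself to an auditor. The list marker also switches from `*` in Policy Reference to `-` in Framework Mapping, and the file ends without a trailing newline; both are easy to fix in the same commit.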