graphgrc

SOC2 - CC9.1

The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions

Considers Mitigation of Risks of Business Disruption

Risk mitigation activities include the development of planned policies, procedures, communications, and alternative processing solutions to respond to, mitigate, and recover from security events that disrupt business operations. Those policies and procedures include monitoring processes and information and communications to meet the entity’s objectives during response, mitigation, and recovery efforts.

Considers the Use of Insurance to Mitigate Financial Impact Risks

The risk management activities consider the use of insurance to offset the financial impact of loss events that would otherwise impair the ability of the entity to meet its objectives.

Mapped SCF controls

• BCD-01 - Business Continuity Management System (BCMS)
• BCD-07 - Alternative Security Measures
• TPM-01 - Third-Party Management
• TPM-02 - Third-Party Criticality Assessments
• TPM-03 - Supply Chain Protection
• TPM-03.1 - Acquisition Strategies, Tools & Methods
• TPM-03.2 - Limit Potential Harm
• TPM-03.3 - Processes To Address Weaknesses or Deficiencies
• TPM-04.4 - Third-Party Processing, Storage and Service Locations
• TPM-05 - Third-Party Contract Requirements
• TPM-06 - Third-Party Personnel Security
• TPM-07 - Monitoring for Third-Party Information Disclosure
• TPM-08 - Review of Third-Party Services
• TPM-09 - Third-Party Deficiency Remediation
• TPM-10 - Managing Changes To Third-Party Services

This site is open source. Improve this page.