The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions
Risk mitigation activities include the development of planned policies, procedures, communications, and alternative processing solutions to respond to, mitigate, and recover from security events that disrupt business operations. Those policies and procedures include monitoring processes and information and communications to meet the entity's objectives during response, mitigation, and recovery efforts.
The risk management activities consider the use of insurance to offset the financial impact of loss events that would otherwise impair the ability of the entity to meet its objectives.
- BCD-01 - Business Continuity Management System (BCMS)
- BCD-07 - Alternative Security Measures
- TPM-01 - Third-Party Management
- TPM-02 - Third-Party Criticality Assessments
- TPM-03 - Supply Chain Protection
- TPM-03.1 - Acquisition Strategies, Tools & Methods
- TPM-03.2 - Limit Potential Harm
- TPM-03.3 - Processes To Address Weaknesses or Deficiencies
- TPM-04.4 - Third-Party Processing, Storage and Service Locations
- TPM-05 - Third-Party Contract Requirements
- TPM-06 - Third-Party Personnel Security
- TPM-07 - Monitoring for Third-Party Information Disclosure
- TPM-08 - Review of Third-Party Services
- TPM-09 - Third-Party Deficiency Remediation
- TPM-10 - Managing Changes To Third-Party Services