Confidentiality, Integrity, Availability
This concern focuses on the sustainability and continuity of the organization in an environment of Risks.
Questions:
- Have Risks been identified?
- Have the Risks been assessed?
- Are there procedures for protecting the confidentiality of organizational information?
- Are there continuity plans in case of major disasters or outages?
- Are there access procedures that prevent unauthorized access to information and locations?
- Have these arrangements been tested?
- Are the arrangements fit for purpose?
- Have any arrangements been included in the budgets / plans for the organization?