Confidentiality, Integrity, Availability

 

This concern focuses on the sustainability and continuity of the organization in an environment of Risks.

Questions:

  • Have Risks been identified?
  • Have the Risks been assessed?
  • Are there procedures for protecting the confidentiality of organizational information?
  • Are there continuity plans in case of major disasters or outages?
  • Are there access procedures that prevent unauthorized access to information and locations?
  • Have these arrangements been tested?
  • Are the arrangements fit for purpose?
  • Have any arrangements been included in the budgets / plans for the organization?