|
Article 14
|
- When the core system is outsourced, an organization shall ensure, based on the scope and characteristics of outsourced services, the recovery level, recovery time objective (RTO) and recovery point objective (RPO) of the core system can support the core business for recovery to the minimum acceptable service level after occurrence of a disaster. The organization shall perform regular exercise every year to validate feasibility of its core system.
- An organization shall include the above requirements on business continuity management in the outsource contract.
|