| AID | 27 |
|---|---|
| Domain | Business Continuity Management and Operational Resilience |
| CID | BCR-01 |
| Control | Business Continuity Management Policy and Procedures |
| Control Specification | Establish, document, approve, communicate, apply, evaluate, and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually, or when significant changes occur that could impact risk exposure. |
| Control Type | Cloud & AI Related |
| AI CAIQ ID | BCR-01.2 |
| AI CAIQuestionnaire | Are policies and procedures reviewed and updated at least annually, or when significant changes occur that could impact risk exposure? |
| NIST AI 600-1 Mapping | No Mapping |
Reference: https://cloudsecurityalliance.org/artifacts/ai-controls-matrix