CP-07 Alternate Processing Site

Contingency Planning

Low Moderate High

Description

The organization identifies an alternate processing site and initiates necessary agreements to permit the resumption of information system operations for critical mission/business functions within [Assignment: organization-defined time period] when the primary processing capabilities are unavailable.

Supplemental Guidance

Equipment and supplies required to resume operations within the organization-defined time period are either available at the alternate site or contracts are in place to support delivery to the site. Timeframes to resume information system operations are consistent with organization-established recovery time objectives.

Changes from Rev 4

Control text changes from 'information security safeguards' to 'controls'.
Discussion expands on controls that are covered by alternate processing site agreements.

Compliance Mappings

ISO 27001:2022

A.5.29, A.5.30, A.8.14

ISO 27002:2022

5.29, 5.30, 8.14

COBIT 2019

BAI04, DSS04

NIST CSF 2.0

PR.IR-03

SOC 2 TSC

A1.2

CSA CCM v4

BCR-03, BCR-11

CSA AICM v1

BCR-03, BCR-11

ISO 42001:2023

A.4.5

NIS2 Directive

Art. 21(2)(c)

PRA Operational Resilience

SS1/21-5.3, SS2/21-10.1

MAS TRM

8

BSI IT-Grundschutz

DER.4

ANSSI

Hygiene.30, SecNumCloud.18.3

FINMA Circular 2023/1

IV.E(89), IV.E(90), IV.E(91)

OSFI B-13

B-13.2.6

EU GDPR

Art.32(1)(c)

EU DORA

Art.11(3), Art.12(2), Art.12(5)

BIO2

5.29, 5.30, 8.14

RBI CSF

ITGRCA.29

FISC Security Guidelines

FISC.F5, FISC.O5

LGPD + BCB 4893

BCB.Art.3

HKMA TM-E-1

TME1.6.2, TME1.6.4

MLPS 2.0

8.1.4.9

DNB Good Practice

DNB.11.1, DNB.18.1

EU CRA

CRA.I.2h

NCA ECC

3-13-2

UAE IA

T12

CBB TM

TM-14

Qatar NIA

BC

CBUAE

CR-13

CBE CSF

OVM-2

SA JS2

JS2-7.5

CBN CSF

Part3.7

BoG CISD

CISD-BCM, CISD-XII

BoM CTRM

5.2

IOSCO Cyber Resilience

PFMI-17, RR-2

BCBS 239

Principle 2, Principle 5

CPMI-IOSCO PFMI

CG.RR, PFMI.P17

NYDFS 500

500.16

HIPAA Security Rule

§164.308(a)(7)(i), §164.308(a)(7)(ii)(B), §164.310(a)(2)(i)

ECB CROE

CROE.2.5.2

EBA ICT Guidelines

3.7.2

SEBI CSCRF

BCP-DR, RC.RP

BOT Cyber Resilience

Ch4.2

API 1164

Sec 11

Solvency II

DR.266-BCP, EIOPA-ICT-4.10

Lloyd's Minimum Standards

MS8.6

NAIC Insurance Data Security

4F-b

PRA SS1/23

P-IT.3

FCA SYSC 13

SYSC 13.8.1, SYSC 13.8.2

HITRUST CSF v11

12.b

ISO 27799

17.2, 17.3

NHS DSPT

NDG-7.1, NDG-7.2

MiCA

Art.68(5), Art.62(5), Art.62(6)

Basel SCO60

SCO60.53, SCO60.65

BSSC Standards

NOS-07

SEC Custody (Digital Assets)

SEC-CD-12

ISO 17799 (legacy)

14.1.4

COBIT 4.1 (legacy)

DS4.1, DS4.8