CP-06 Alternate Storage Site

Control: The organization identifies an alternate storage site and initiates necessary agreements to permit the storage of information system backup information.

Supplemental Guidance: The frequency of information system backups and the transfer rate of backup information to the alternate storage site (if so designated) are consistent with the organization’s recovery time objectives and recovery point objectives.

Control Enhancements:

(1) The organization identifies an alternate storage site that is geographically separated from the primary storage site so as not to be susceptible to the same hazards.

(2) The organization configures the alternate storage site to facilitate timely and effective recovery operations.

(3) The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

Baseline: LOW Not Selected MOD CP-6 (1) (3) HIGH CP-6 (1) (2) (3)

Family: Contingency Planning

Class: Operational

ISO 17799 mapping: 10.5.1

COBIT 4.1 mapping: DS4.1, DS4.9

PCI-DSS v2 mapping: None.