WorkAxle Trust Center

Below is a list of all related controls for this domain. A status of green means compliant, yellow means partially compliant, and red means non-compliant.

A set of plans is established to prepare for, respond to, and recover from unexpected events that could disrupt operations

This includes a Business Continuity and Disaster Recovery (BCDR) Plan and an Incident Response Plan (IRP).

The BCDR plan ensures essential operations can continue and recover swiftly during emergencies by outlining procedures and regularly testing and updating these strategies to keep them effective. The IRP defines the steps to take during cybersecurity incidents, including identifying, containing, and recovering from threats. It also covers communication protocols with stakeholders to enable prompt and coordinated responses, minimizing impact and downtime.

Alternate processing capabilities are established to maintain business operations during disruptions or outages of primary computing infrastructure

This involves deploying redundant systems, backup facilities, and mechanisms to shift workloads to alternate environments as needed. These measures aim to reduce the impact of interruptions and ensure continuity of services for customers and stakeholders.

Clear incident reporting guidelines are defined and communicated to facilitate prompt and effective responses to security incidents

The process includes identifying and categorizing incidents, notifying relevant stakeholders, documenting incident details, and conducting post-incident analysis to address vulnerabilities. These guidelines help ensure compliance with legal and regulatory reporting requirements while supporting a coordinated response to minimize the impact of incidents.

Lessons learned from Business Continuity and Disaster Recovery (BCDR) activities, incident responses, and testing are documented to identify areas for improvement

Response teams review incidents, assess the effectiveness of existing plans, and identify any gaps or weaknesses. Based on these insights, they develop and implement corrective actions to enhance future response capabilities, reducing the likelihood of similar incidents and strengthening the organization's overall resilience.

Regular testing of the Business Continuity and Disaster Recovery (BCDR) plan is conducted at least annually to ensure preparedness for disruptive events, such as natural disasters, cyberattacks, or system failures

Testing evaluates the effectiveness of recovery procedures and confirms that critical systems can be restored quickly. It also helps ensure that employees are familiar with their roles and responsibilities, allowing for a coordinated and efficient response during emergencies.

System backups are conducted to safeguard data and ensure business continuity

These backups include both online and offline copies to provide robust protection against data loss, system failures, or cyberattacks. Offline backups are kept on separate, disconnected media to prevent unauthorized access or corruption. Additionally, regular backup testing is performed to confirm the effectiveness and reliability of restoring critical data and system configurations. This ensures that backups can be successfully used to restore systems and minimize downtime in case of unexpected disruptions.