Tested plans to maintain or restore operations after disruptive events; measured by RTO/RPO.
Business Continuity Planning (BCP) addresses how the business continues operating during a disruption; Disaster Recovery (DR) addresses the technical recovery of systems and data. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are the operative metrics.