Is there anything relevant to recovery / graceful functional degradation in SoC2?
If not, this feels like an obvious match there.
E.g. "Company has a defined and demonstrated process by which they can (a) offer degraded but limited functionality in the event of full system outage & (b) accept data updates via a backup method, until system restoration."
I mean, better than not. Everytime I see something basic in a standard, it makes me realize there were businesses out there who weren't doing anything of the sort.
If not, this feels like an obvious match there.
E.g. "Company has a defined and demonstrated process by which they can (a) offer degraded but limited functionality in the event of full system outage & (b) accept data updates via a backup method, until system restoration."
Sure would have helped with Change Healthcare...