Does your organization maintain sufficient capacity to ensure data availability during peak loads and unexpected surges?
Explanation
This question asks whether you maintain enough headroom to keep data available during peak loads and unexpected surges. That means having sufficient storage, processing power, bandwidth, and other resources to handle normal operations, peak loads, and unexpected surges in demand.
Evidence could include capacity planning documentation, performance monitoring reports, load testing results, auto-scaling configurations, or documentation of redundant systems that can be activated during high-demand periods.
Context
- Function
  - PR: PROTECT
- Category
  - PR.DS: Data Security
- Sub-Category
  - Adequate capacity to ensure availability is maintained
Related questions
- Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?
- Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?
- Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?
- Does your organization have a policy and technical controls to restrict the use of removable media devices?
- Does your organization physically secure all removable media containing unencrypted sensitive information?
- Does your organization implement cryptographic controls to protect the confidentiality and integrity of network communications?

