Control 8.14: Redundancy of Information Processing Facilities
Summary
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements. This ensures that the organization can continue to operate even if a major technical component or location fails.
Applicability
In-Scope: Critical for organizations with high-availability requirements. It addresses the need for no single point of failure in the technical architecture.
Out-of-Scope: The control can be reduced only partially for very small, non-critical systems; basic redundancy remains a best practice.
Implementation Guidance
Microsoft 365 / Entra ID
- Cloud High-Availability: Rely on the native redundancy of Microsoft 365, which replicates data across multiple geographically distributed data centers within a region.
- Azure Availability Zones: Deploy critical Azure workloads across multiple Availability Zones to protect against the failure of a single data center building.
- Load Balancing: Utilize Azure Front Door or Azure Load Balancer to distribute traffic across redundant instances of an application, ensuring continuous service during maintenance or failure.
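One way to check the Availability Zones item above, as an added example that is not part of the original guidance: the script groups VMs by workload and flags any workload whose instances do not span at least two zones. The inventory is constructed sample data shaped like `az vm list -o json` output, and the `workload` tag name is an assumed convention.

```python
import json
from collections import defaultdict

# Constructed sample, trimmed to the fields used here. In practice this would be
# the saved output of `az vm list -o json`. The "workload" tag is a hypothetical
# naming convention for grouping redundant instances, not an Azure default.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "web-01",  "location": "westeurope", "zones": ["1"], "tags": {"workload": "portal"}},
  {"name": "web-02",  "location": "westeurope", "zones": ["2"], "tags": {"workload": "portal"}},
  {"name": "bill-01", "location": "westeurope", "zones": ["1"], "tags": {"workload": "billing"}},
  {"name": "bill-02", "location": "westeurope", "zones": ["1"], "tags": {"workload": "billing"}},
  {"name": "leg-01",  "location": "westeurope", "zones": null,  "tags": {"workload": "legacy"}}
]
""")


def zone_spread(vms, tag="workload"):
    """Map each workload to the set of (region, zone) placements of its VMs."""
    spread = defaultdict(set)
    for vm in vms:
        workload = (vm.get("tags") or {}).get(tag, "untagged")
        # A null or empty "zones" value means the VM is not pinned to any zone.
        for zone in vm.get("zones") or [None]:
            spread[workload].add((vm["location"], zone))
    return spread


def single_points_of_failure(vms, min_zones=2, tag="workload"):
    """Return {workload: reason} for workloads that lack zone redundancy."""
    findings = {}
    for workload, placements in zone_spread(vms, tag).items():
        zonal = {p for p in placements if p[1] is not None}
        if len(zonal) != len(placements):
            findings[workload] = "has VMs with no zone assignment"
        elif len(zonal) < min_zones:
            findings[workload] = f"only {len(zonal)} distinct zone placement(s)"
    return findings


if __name__ == "__main__":
    for workload, reason in sorted(single_points_of_failure(SAMPLE_INVENTORY).items()):
        print(f"{workload}: {reason}")
```

The resulting list can be attached to the High Availability Design evidence as a dated record of which workloads still depend on a single zone.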
Evidence Checklist
- High Availability Design: A technical diagram showing the redundant components of critical systems (e.g., redundant internet, power, and servers).
- Service Health Reports: Evidence from the Microsoft Service Trust Portal showing the historical uptime and redundancy performance of the cloud provider.
- Failover Test Records: Documentation of successful tests where the system automatically switched to a redundant component during a simulated failure.
Practical Audit Advice
Here are some questions the auditor might ask:
- What are the single points of failure in your current technical environment, and what is the plan to mitigate them?
- How does the organization verify that its cloud provider's redundancy claims actually meet the business's uptime requirements?
- In the event of a total regional outage of your primary cloud service, what is the plan for maintaining critical business functions?
- How often is the failover mechanism tested to ensure it will work as expected during a real crisis?