The organization should ensure that the data center has an appropriate risk management framework in which there is a logical and systematic approach to identifying, analysing, treating and monitoring the risks involved in any activity and process that might affect the data center facility and services.
The organization should ensure a sustained management commitment for resourcing in order to minimize, monitor, and control the probability and/or impact of unfortunate events and/or disasters on the data center facility and services it provides to the extent that they might impact SLAs.
Risk management program
Senior management should implement active on-going risk management programs to minimize and mitigate all risks to the data center and manage those risks over the life cycle of the data center. Consideration should be given to ISO 31000.