
Include continuity wrap-up procedures and continuity normalization procedures during continuity planning.


CONTROL ID: 00761
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity framework., CC ID: 00732

This Control has the following implementation support Control(s):
  • Re-accredit the continuity procedures after an emergency occurs., CC ID: 01246


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • When developing contingency plans, the organization shall develop a procedures manual that defines procedures for controlling the emergency at an early stage and restoring normal operations. (O65.3(6), FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Do the plans include a procedure for standing down the response and returning to normal business? (Operation ¶ 30, ISO 22301: Self-assessment questionnaire)
  • After an incident that requires activating the business continuity plan or the incident management plan, a post-incident review must be conducted to identify the incident's cause and nature; assess how adequately management responded; assess the effectiveness of meeting recovery time objectives; ass… (§ 4.4.3.4, BS 25999-2, Business continuity management. Specification, 2007)
  • The organization should include post-event evaluation process(es) for developing and implementing preventive and corrective actions when it creates its incident prevention, preparedness, and response procedures. The organization must review the incident prevention, preparedness, and response procedu… (§ 4.4.7 ¶ 3(m), § 4.4.7 ¶ 4, Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009)
  • The availability of critical business processes should be improved by automatically identifying and recovering transactions following a business application / system failure. (CF.20.03.03c, The Standard of Good Practice for Information Security)
  • The availability of critical business processes should be improved by automatically identifying and recovering transactions following a business application / system failure. (CF.20.03.03c, The Standard of Good Practice for Information Security, 2013)
  • The organization shall have documented procedures to restore and return business activities from the temporary measures adopted to support normal business requirements after an incident. (§ 8.4.5 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • a process for standing down once the incident is over. (§ 8.4.4 ¶ 2 g), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • a process for standing down. (§ 8.4.4.3 h), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • The organization shall have documented processes to restore and return business activities from the temporary measures adopted during and after a disruption. (§ 8.4.5 ¶ 1, ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Preparation for return to normal operations once the permanent facilities are available. (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:2 Bullet 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Resumption of a normalized state for business processes. (App A Objective 8:1k, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Test results should be documented and should include test locations, an executive summary, problems discovered during testing, and deviations from the test plan. The test results should be evaluated to ensure they meet the test objectives. If they do not, corrective measures should be taken and foll… (Pg 25 thru Pg 27, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • Obtain the institution's written contingency and business continuity plans for partial or complete failure of the systems and/or communication lines between the bank and correspondent bank, service provider, CHIPS, Federa… (Exam Tier II Obj 10.1, FFIEC IT Examination Handbook - Wholesale Payment Systems, July 2004)
  • The Reconstitution Phase defines the actions to test and validate the system's capabilities and functionality. It consists of two major activities: validating successful recovery and deactivating the plan. Recovery validation typically involves concurrent processing (running the system at two locati… (§ 4.4, Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft))