Include continuity wrap-up procedures and continuity normalization procedures during continuity planning.


CONTROL ID
00761
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity framework., CC ID: 00732

This Control has the following implementation support Control(s):
  • Re-accredit the continuity procedures after an emergency occurs., CC ID: 01246


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • When developing contingency plans, the organization shall develop a procedures manual that defines procedures for controlling the emergency at an early stage and restoring normal operations. (O65.3(6), FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Do the plans include a procedure for standing down the response and returning to normal business? (Operation ¶ 30, ISO 22301: Self-assessment questionnaire)
  • After an incident that requires activating the business continuity plan or the incident management plan, a post-incident review must be conducted to identify the incident's cause and nature; assess how adequately management responded; assess the effectiveness of meeting recovery time objectives; ass… (§ 4.4.3.4, BS 25999-2, Business continuity management. Specification, 2007)
  • The organization should include post-event evaluation process(es) for developing and implementing preventive and corrective actions when it creates its incident prevention, preparedness, and response procedures. The organization must review the incident prevention, preparedness, and response procedu… (§ 4.4.7 ¶ 3(m), § 4.4.7 ¶ 4, Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009)
  • The availability of critical business processes should be improved by automatically identifying and recovering transactions following a business application / system failure. (CF.20.03.03c, The Standard of Good Practice for Information Security)
  • The availability of critical business processes should be improved by automatically identifying and recovering transactions following a business application / system failure. (CF.20.03.03c, The Standard of Good Practice for Information Security, 2013)
  • The organization shall have documented procedures to restore and return business activities from the temporary measures adopted to support normal business requirements after an incident. (§ 8.4.5 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • a process for standing down once the incident is over. (§ 8.4.4 ¶ 2 g), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • a process for standing down. (§ 8.4.4.3 h), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • The organization shall have documented processes to restore and return business activities from the temporary measures adopted during and after a disruption. (§ 8.4.5 ¶ 1, ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Preparation for return to normal operations once the permanent facilities are available. (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:2 Bullet 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Resumption of a normalized state for business processes. (App A Objective 8:1k, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Test results should be documented and should include test locations, an executive summary, problems discovered during testing, and deviations from the test plan. The test results should be evaluated to ensure they meet the test objectives. If they do not, corrective measures should be taken and foll… (Pg 25 thru Pg 27, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • Obtain the institution's written contingency and business continuity plans for partial or complete failure of the systems and/or communication lines between the bank and correspondent bank, service provider, CHIPS, Federa… (Exam Tier II Obj 10.1, FFIEC IT Examination Handbook - Wholesale Payment Systems, July 2004)
  • The Reconstitution Phase defines the actions to test and validate the system's capabilities and functionality. It consists of two major activities: validating successful recovery and deactivating the plan. Recovery validation typically involves concurrent processing (running the system at two locati… (§ 4.4, Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft))
  • Cleanup. Cleanup is the process of cleaning up work space or dismantling any temporary recovery locations, restocking supplies, returning manuals or other documentation to their original locations, and readying the system for another contingency event. (§ 4.4 ¶ 3 Bullet 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • The Reconstitution Phase is the third and final phase of ISCP implementation and defines the actions taken to test and validate system capability and functionality. During Reconstitution, recovery activities are completed and normal system operations are resumed. If the original facility is unrecove… (§ 4.4 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • Once all activities and steps have been completed and documentation has been updated, the ISCP can be formally deactivated. An announcement with the declaration should be sent to all business and technical contacts. (§ 4.4 ¶ 4, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • Offsite Data Storage. If offsite data storage is used, procedures should be documented for returning retrieved backup or installation media to its offsite data storage location. (§ 4.4 ¶ 3 Bullet 3, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))