
Implement personnel supervisory practices.


CONTROL ID: 00773
CONTROL TYPE: Behavior
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain the staff structure in line with the strategic plan., CC ID: 00764

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Implement adequate supervisory practices in the IT function to ensure that roles and responsibilities are properly exercised, to assess whether all personnel have sufficient authority and resources to execute their roles and responsibilities, and to generally review KPIs. (PO4.10 Supervision, CobiT, Version 4.1)
  • Define, monitor and supervise roles, responsibilities and compensation frameworks for personnel, including the requirement to adhere to management policies and procedures, the code of ethics, and professional practices. The level of supervision should be in line with the sensitivity of the position … (PO7.3 Staffing of Roles, CobiT, Version 4.1)
  • The organization should ensure communications, responsibilities, and lines of authority are clear and direct. The communications channels should allow interaction amongst personnel and the accomplishment of the organization's mission. (Revised Volume 1 Pg 2-I-26, Protection of Assets Manual, ASIS International)
  • actively undertaking and encouraging mentoring, coaching and supervising employees to promote compliant behaviour; (§ 5.3.5 ¶ 1 d), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • assessment and reporting (including management supervision) to ensure that employees comply with procedures; (§ 8.2 ¶ 5 d), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • The organization must provide adequate supervision and review of personnel, including each computer operations shift. (CSR 4.2.1, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Reviewing and monitoring of activities performed during rotation of duties. (App A Objective 14:4f, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Independently monitoring activities. (App A Objective 14:4d, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Employment standards must include minimum staffing levels. (§ 44935(a), TITLE 49, Subtitle VII - Aviation Programs, December 5, 2001)