This Control directly supports the implied Control(s):
Establish, implement, and maintain a capacity management plan., CC ID: 11751
This Control has the following implementation support Control(s):
Establish, implement, and maintain workload forecasting tools., CC ID: 00936
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Guidelines for capacity planning should be established, which clearly set out, among others, system utilization threshold and corresponding precautionary measures (e.g. to step up monitoring of system utilization and perform system upgrades when the peak utilization level reaches the predetermined c… (§ 9.2.2, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
The FI should establish monitoring processes and implement appropriate thresholds to provide sufficient time for the FI to plan and determine additional resources to meet operational and business requirements effectively. (§ 7.5.2, Monetary Authority of Singapore: Technology Risk Management Guidelines)
The planning of capacities and resources (personnel and IT resources) follows an established procedure in order to avoid capacity bottlenecks. The procedures include forecasts of future capacity requirements in order to identify use trends and master system overload risks. (Section 5.6 RB-01 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
Conduct performance and capacity forecasting of IT resources at regular intervals to minimise the risk of service disruptions due to insufficient capacity or performance degradation, and identify excess capacity for possible redeployment. Identify workload trends and determine forecasts to be input … (DS3.3 Future Performance and Capacity, CobiT, Version 4.1)
Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary. (T0281, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary. (T0281, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)â, July 7, 2020)
