Back

Include managing multiple responding organizations in the emergency communications procedure.


CONTROL ID
01249
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Include emergency communications procedures in the continuity plan., CC ID: 00750

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization must develop, implement, and maintain procedures, with regard to the hazards, threats, risks, and its organizational resilience management system, to assure multiple responding organizations and personnel are interoperable. (§ 4.4.3 ¶ 1(i), Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009)
  • The organization shall establish, implement, and maintain procedure(s) for - internal communication amongst interested parties and employees within the organization, - external communication with customers, partner entities, local community, and other interested parties, including the media, - recei… (§ 7.4 ¶ 2, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • facilitating structured communication with emergency responders, (§ 8.4.3 ¶ 1 f), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • recording of vital information about the incident, actions taken and decisions made, and the following shall also be considered and implemented where applicable: — alerting interested parties potentially impacted by an actual or impending disruptive incident; — assuring the interoperability of m… (§ 8.4.3 ¶ 1 g), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • ensuring appropriate coordination and communication between multiple responding organizations. (§ 8.4.3.2 b), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Undertake case-based reporting to WHO within 24 hours under IHR (2005) (Pillar 3 Step 2 Action 2, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Does the Business Continuity and Disaster Recovery program include interaction with the media during an event? (§ K.1.2.12, Shared Assessments Standardized Information Gathering Questionnaire - K. Business Continuity and Disaster Recovery, 7.0)
  • Communication with employees, emergency personnel, regulators, vendors/ suppliers, customers, and the media; (TIER I OBJECTIVES AND PROCEDURES Business Continuity Planning (BCP) - General Objective 5:1 Bullet 3 Sub-Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Emergency responders. (App A Objective 7:1b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Information-sharing entities (e.g., FS-ISAC). (App A Objective 7:1e, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Financial sector trade associations. (App A Objective 7:1d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Law enforcement. (App A Objective 7:1c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Information system contingency plans are rarely developed or executed on their own. When an incident occurs that impacts information system operations, it often impacts the organization's personnel. Proper considerations for the safety, security, and well-being of personnel should be planned for in … (Appendix D ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))