Back

Use available financial resources for the efficaciousness of the service continuity strategy.


CONTROL ID
01370
CONTROL TYPE
Testing
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system continuity plan strategies., CC ID: 00735

This Control has the following implementation support Control(s):
  • Include the ability to obtain additional liquidity in the continuity plan., CC ID: 12770
  • Minimize system continuity requirements., CC ID: 00753


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Calls for considering the cost of continuity strategies when selecting alternate activities and resources. Costs to think about include direct costs such as equipment purchases and indirect costs such as maintaining and installing the equipment. Frequently most costs can be deferred until it is time… (Pg 44, Australia Better Practice Guide - Business Continuity Management, January 2000)
  • The organization must ensure financial and administrative procedures have been developed to support the organizational resilience management program before, during, and after an incident. The procedures must ensure fiscal decisions can be expedited and that they are in accordance with accounting pri… (§ 4.4.1 ¶ 5, Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009)
  • - ensuring that policies and objectives are established for the business continuity management system and are compatible with the strategic direction of the organization, - ensuring the integration of the business continuity management system requirements into the organization’s business processes… (§ 5.2 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • Financial disbursement (purchase authorities and expense reimbursement for senior management during a disaster); and (TIER I OBJECTIVES AND PROCEDURES Business Continuity Planning (BCP) - General Objective 5:1 Bullet 3 Sub-Bullet 8, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Verify that management has evaluated strategies and resource needs and allocates appropriate resources to achieve resilience: (App A Objective 6:1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • The continuity plan should include procedures on how management can approve unanticipated expenses. (Pg 14, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • The Information System Contingency Plan Coordinator should ensure the chosen strategy can be implemented effectively within the financial resources of the organization. The costs of each of the different types of alternate sites, equipment replacement, and storage options must be weighed against bud… (§ 3.4.5, Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft))