Back

Separate the alternate facility from the primary facility through geographic separation.


CONTROL ID
01394
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Designate an alternate facility in the continuity plan., CC ID: 00742

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • AIs should examine the extent to which key business functions are concentrated in the same or adjacent locations and the proximity of the alternate sites to primary sites. Alternate sites should be sufficiently distanced to avoid being affected by the same disaster (e.g. they should be on separate o… (5.1.2, Hong Kong Monetary Authority Supervisory Policy Manual TM-G-2 Business Continuity Planning, V.1 - 02.12.02)
  • If CMT members need to be evacuated from their primary business locations, AIs should set up command centres to provide the necessary workspace and facilities for the CMT. Command centres should be sufficiently distanced from AIs’ primary business locations to avoid being affected by the same disa… (4.2.3, Hong Kong Monetary Authority Supervisory Policy Manual TM-G-2 Business Continuity Planning, V.1 - 02.12.02)
  • When establishing backup sites, the organization should ensure they do not have risk factors similar to the computer centers. (T25.3, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Never share the same risk factors (fires, earthquakes, power failure, etc.) with the computer center. (P74.3. ¶ 1(1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The FI should establish a recovery site that is geographically separate from the primary site to enable the restoration of critical systems and resumption of business operations should a disruption occur at the primary site. (§ 8.2.5, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • The FI's secondary or disaster recovery DC should be geographically separated from its primary or production DC so that both sites will not be impacted by a disruption to the underlying infrastructure (e.g. telecommunications and power) in a particular location. (§ 8.5.4, Technology Risk Management Guidelines, January 2021)
  • Recovery sites should be located far enough away from the primary site, so as not to be impacted by the same disaster. (Attach B ¶ 13, APRA Prudential Practice Guide 234: Management of security risk in information and information technology)
  • The organization should ensure that offshore locations transfer Information Technology assets to a location that will not likely be subjected to the same disaster, including man-made disasters. (Attach B ¶ 18, APRA Prudential Practice Guide 234: Management of security risk in information and information technology)
  • All components required to enact the recovery plans would typically be located at a sufficient distance from the operational site(s) so that they are not impacted by the same disaster. This includes: recovery sites and hardware; backups of data/information and software; and copies of the recovery pl… (Attachment B ¶ 13, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • APRA envisages that recovery of IT assets pertaining to the Australian-regulated operations would be to a location that is not likely to be subject to the same disaster (including manmade). (Attachment B ¶ 18, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • Measures to avoid that a single scenario, incident or disaster might impact both ICT production and recovery systems; (Title 3 3.3.4(a) 54.b(i), Final Report Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP))
  • When restoring backup data using own systems, financial entities shall use ICT systems that are physically and logically segregated from the source ICT system. The ICT systems shall be securely protected from any unauthorised access or ICT corruption and allow for the timely restoration of services … (Art. 12.3. ¶ 1, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • located at a geographical distance from the primary processing site to ensure that it bears a distinct risk profile and to prevent it from being affected by the event which has affected the primary site; (Art. 12.5. ¶ 2(a), Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • The location of the alternate site should be adequately distanced from the primary site so both sites are not affected by the same threat. (¶ 43, BIS Sound Practices for the Management and Supervision of Operational Risk)
  • What is the distance between the primary servers and backup servers? (Table Row XII.15, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Is the backup facility on a different power grid than the primary facility? (Table Row XII.16, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards. (BCR-11, Cloud Controls Matrix, v4.0)
  • Disaster recovery sites should be located in a geographic area that will be unlikely to be affected by the same disaster or failure. The proximity of the alternate site should be considered when the organization contracts and agrees to a SLA with the ICT disaster recovery service provider. (§ 5.4, ISO 24762 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, 2008)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Alternate locations and capacity for: (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:2 Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Alternate facilities; (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:3 Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Alternate processing locations; (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:3 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine that back-up sites are fully independent of the critical infrastructure components that support the primary sites. (TIER I OBJECTIVES AND PROCEDURES Testing With Third-Party Service Providers Objective 12: Testing Expectations for Core Firms and Significant Firms 5, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Geographically diversify key entity locations. (App A Objective 6:2c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Backup sites are fully independent of the critical infrastructure components that support the primary sites. (App A Objective 10:24b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • The alternate site should be geographically separated from the primary processing site. (Pg G-11, Pg G-12, Exam Tier I Obj 4.2, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Contingency Planning (CP): Organizations must establish, maintain, and effectively implement plans for emergency response, backup operations, and post-disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • The contingency plan should be examined to ensure all site hazards have been identified. The alternate processing site should be located at a distance far enough away from the primary processing site so as not to be affected by the same hazards as the primary processing site. (CP-7(1), Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1 Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • There are obvious cost and ready-time differences among the options. In these examples, the mirrored site is the most expensive choice, but it ensures virtually 100 percent availability. Cold sites are the least expensive to maintain, although they may require substantial time to acquire and install… (§ 3.4.3 ¶ 5, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • The organization should identify an alternate control center that is geographically separated from the primary control center. (SG.CP-9 Requirement Enhancements 1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization should identify an alternate processing site that is separate from the primary processing site to prevent it from being susceptible to the same hazards. (App F § CP-7(1), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization identifies an alternate processing site that is separated from the primary processing site to reduce susceptibility to the same threats. (CP-7(1) ¶ 1, TX-RAMP Security Controls Baseline Level 2)