Back

Inspect and maintain the facility and supporting assets.


CONTROL ID
06345
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain facility maintenance procedures., CC ID: 00710

This Control has the following implementation support Control(s):
  • Test and inspect assets under full load working conditions., CC ID: 06356


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • To ensure the continued availability of AIs’ technology related services, AIs should maintain and service IT facilities and equipment (e.g. computer hardware, network devices, electrical power distribution, UPS and air conditioning units) in accordance with the industry practice, and suppliers’ … (5.3.1, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • O76.3(6): The organization shall establish and implement a plan for routine functional inspections of the facilities. O77: The organization shall establish and maintain procedures for the maintenance and inspection of the computer center and the head and branch offices. O77.1: The organization shall… (O76.3(6), O77, O77.1, O77.2, O77.3, O77.4, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • The organization shall ensure that the private power generation facility and storage battery system are inspected regularly. (F64.5, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • It is necessary to define regulations for the maintenance of disaster prevention facilities and to conduct regular inspections. (P54.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorize, by order, any service provider to set up, maintain and upgrade the computerized facilities and perform such other services as it may specify, by n… (§ III.6A (1), India Information Technology Act 2008, 2008)
  • The organization must ensure facilities that contain a system, including a deployable system, are certified and accredited against the australian government physical security management protocol. (Control: 0810, Australian Government Information Security Manual: Controls)
  • Datacenter utilities services and environmental conditions (e.g., water, power, temperature and humidity controls, telecommunications,and internet connectivity) shall be secured, monitored, maintained, and tested for continual effectiveness at planned intervals to ensure protection from unauthorized… (BCR-03, Cloud Controls Matrix, v3.0)
  • Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals. (DCS-14, Cloud Controls Matrix, v4.0)
  • Infrastructure, data, software, and policies and procedures are updated as necessary to remain consistent with the entity’s commitments and system requirements as they relate to [insert the principle(s) addressed by the engagement: security, availability, processing integrity, confidentiality, or … (CC7.2, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Is the UPS system tested annually? (§ F.2.26.1, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • Is the security alarm system tested annually? (§ F.2.26.2, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • Are the fire detection systems tested annually? (§ F.2.26.3, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • Is the fire suppression system tested annually? (§ F.2.26.4, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)
  • Are the generators tested monthly? (§ F.2.26.5, Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0)