Back

Include the protection of personnel in the continuity plan.


CONTROL ID
06378
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system continuity plan strategies., CC ID: 00735

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain a critical personnel list., CC ID: 00739


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • When developing contingency plans, the organization shall develop a procedures manual that defines procedures for protecting the safety of employees and customers and assets and identifying damaged conditions. (O65.3(4), FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • details to manage the immediate consequences of a disruptive incident giving due regard to the welfare of individuals, (§ 8.4.4 ¶ 2 c) 1), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • the welfare of individuals; (§ 8.4.4.2 d) 1), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Develop a national plan to manage PPE supply (stockpile, distribution) and to identify IPC surge capacity (numbers and competence) (Pillar 6 Step 1 Action 5, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Assess IPC capacity at all levels of healthcare system, including public, private, traditional practices and pharmacies. Minimum requirements include functional triage system and isolation rooms, trained staff (for early detection and standard principles for IPC); and sufficient IPC materials, inclu… (Pillar 6 Step 1 Action 1, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Personnel; (TIER I OBJECTIVES AND PROCEDURES Business Continuity Planning (BCP) - General Objective 5:1 Bullet 3 Sub-Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether management documented and implemented, as appropriate, the following resilience measures for personnel: (App A Objective 6:4, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Lodging arrangements for displaced employees and their families. (App A Objective 6:4b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Basic necessities and services for displaced employees, including water, food, clothing, childcare, and transportation. (App A Objective 6:4c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • On-site medical support and mobile command centers. (App A Objective 6:4d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Immediate steps to protect personnel and customers and minimize damage. (App A Objective 8:1d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Logistical arrangements (e.g., housing, transportation, or food) for personnel at the recovery locations. (App A Objective 8:1g, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • The OEP should also include procedures and multiple contact methods for collecting a personnel head count after the disaster. It is important for senior management to know who was in the building prior to the event and who has been accounted for (both onsite and offsite personnel) so that civil auth… (Appendix D Subsection 1 ¶ 2, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))