Establish, implement, and maintain form creation, management, and distribution procedures.


CONTROL ID: 06393
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a record classification scheme for forms. (CC ID: 00911)

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain form disposition procedures. (CC ID: 06394)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • O35.2(2): The organization should retrieve or store forms with a responsible person and maintain a transfer ledger. O36: The organization shall establish and maintain procedures for transferring and discarding important printed forms. (O35.2(2), O36, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • To ensure protection against unauthorized use, transfer and discarding of important printed forms should be implemented by specifically designated personnel based on the predetermined procedures, and the progress of transfer and discarding should be accessible by the personnel responsible for manage… (P68.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • When conducting the inventory control and disposal of forms, it is necessary to manage the number of forms used and the number of forms discarded. (P67.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In order to prevent unauthorized use of unused important forms, it is necessary to conduct an inventory control and disposal of such forms according to established procedures. (P67.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • For the control of documented information, the organization shall address the following activities, as applicable — distribution, access, retrieval and use, — storage and preservation, including preservation of legibility, — control of changes, — retention and disposition, — retrieval and … (§ 7.5.3 ¶ 2, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • Verify the personnel involved in the engagement adequately completed all the forms, questionnaires, or checklists that are required by organizational policy for the work program. (Ques. AT414 Item 1, Reporting on Controls at a Service Organization Checklist, PRP §21,100)
  • Verify the personnel involved in the engagement adequately completed all the forms, questionnaires, or checklists that are required by organizational policy for the disclosure and reporting checklist. (Ques. AT414 Item 2, Reporting on Controls at a Service Organization Checklist, PRP §21,100)
  • Verify the personnel involved in the engagement adequately completed all the forms, questionnaires, or checklists required by organizational policy for working paper reviews and financial statement reviews. (Ques. AT414 Item 3, Reporting on Controls at a Service Organization Checklist, PRP §21,100)
  • The organization may determine that the Records Management Application should be able to interface with forms generating software and/or generate completed standard Records Management forms. (§ C3.2.12, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability to print hardcopy codes or identifiers as labels or other products. (§ C3.2.13, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • Enable the severity level of interventions provided for drug-drug interaction checks to be adjusted. (§ 170.315 (a) (4) (ii) (A), 45 CFR Part 170 Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology, current as of January 2024)
  • Optional. Include a "reason for order" field. (§ 170.315 (a) (1) (ii), 45 CFR Part 170 Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology, current as of January 2024)
  • Enable the severity level of interventions provided for drug-drug interaction checks to be adjusted. (§ 170.315 (a) (4) (ii) (A), 45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, current as of July 14, 2020)
  • Sex. Enable sex to be recorded in accordance with the standard specified in §170.207(n)(1). (§ 170.315 (a) (5) (i) (C), 45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, current as of July 14, 2020)
  • Optional. Include a "reason for order" field. (§ 170.315 (a) (1) (ii), 45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, current as of July 14, 2020)