Rotate duties amongst the critical roles and positions.


CONTROL ID: 06554
CONTROL TYPE: Establish Roles
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Implement a staff rotation plan. (CC ID: 12772)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Network control functions should be performed by individuals possessing adequate training and experience. Network control functions should be separated, and the duties should be rotated on a regular basis, where possible. Network control software must restrict operator access from performing certain… (Critical components of information security 24) viii. ¶ 1 o., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • App B § 2.D: The organization shall rotate duties, particularly the ones that involve authorization of transactions. App B § 2.E: No individual shall be allowed to "sign" a check that that individual issued. The individual in control of the check signer shall not control the check stock at the sa… (App B § 2.D, App B § 2.E, CMS Business Partners Systems Security Manual, Rev. 10)
  • The accessibility, rotation, and cross training of staff necessary to support critical business operations; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 1 Bullet 4, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)