Include emergency response procedures in the internal control framework.


CONTROL ID
06779
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an internal control framework., CC ID: 00820

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The information security policy should include emergency procedures and cyber security incident management. (Control: 0890 Bullet 7, Australian Government Information Security Manual: Controls)
  • the identification of measures relating to preparedness, response and recovery, including cooperation between the public and private sectors; (Art. 7.1(c), Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union)
  • Standards / procedures should cover emergency access for key individuals (e.g., business owners or users, System Administrators, systems development staff, and suppliers of equipment, software, or services). (CF.11.03.02b, The Standard of Good Practice for Information Security)
  • Standards / procedures should cover emergency access for key individuals (e.g., business owners or users, System Administrators, systems development staff, and suppliers of equipment, software, or services). (CF.11.03.02b, The Standard of Good Practice for Information Security, 2013)
  • prepare for and respond to emergency situations (see 8.2); (§ 6.1.4 ¶ 1 a) 3), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so. (§ 7.3 ¶ 1 f), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • establishing a planned response to emergency situations, including the provision of first aid; (§ 8.2 ¶ 1 a), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • The organization shall establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1, including: (§ 8.2 ¶ 1, ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • Ensure the cyber security policy addresses the requirements in standards CIP-002-3 through CIP-009-3, including provision for emergency situations. (§ R1.1, North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards CIP-003-3, version 3)