Include telecommunications continuity procedures in the continuity plan.


CONTROL ID: 11691
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system continuity plan strategies. (CC ID: 00735)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Alternate sites for technology recovery (i.e. back-up data centres), which may be separate from the alternate business site, should have sufficient technical equipment (e.g. workstations, servers, printers, etc.) of appropriate model, size and capacity to meet recovery requirements as specified by A… (5.2.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-G-2 Business Continuity Planning, V.1 - 02.12.02)
  • Precautions against the failure of supply services such as power, cooling or network connections are taken by means of suitable safeguards and redundancies in coordination with safeguards for operational reliability. Power and telecommunication supply lines which transport data or supply information… (Section 5.5 PS-04 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Verification of the ability for significantly increased telecommuting including bandwidth, VPN concentrator capacity/licensing, ability to offer voice over IP and laptop/remote desktop availability (4.10(b), Pandemic Response Planning Policy)
  • Procedures and resources should be implemented to assist organizations with negotiating and bringing in telecommunications service providers in order to meet the minimum standards for redundancy, security, reliability, and quality. (§ 6.7.2, ISO 24762 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, 2008)
  • Telecommunications; (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:7 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Disruption of telephony and electronic messaging due to the convergence of voice and data services on the same network; and (TIER I OBJECTIVES AND PROCEDURES Cyber Resilience Objective 10:4 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Disruption of data and voice communications between facilities and service providers. (TIER I OBJECTIVES AND PROCEDURES Cyber Resilience Objective 10:4 Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether management documented and implemented, as appropriate, the following resilience measures for telecommunications: (App A Objective 6:6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Secure telecommunication options if employees work from an alternate location. (App A Objective 6:4e, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Evaluating communications and resilience needs to ensure branch communications. (App A Objective 6:6h, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Establishing redundant telecommunications links with each of the entity's third-party service providers through a contractual arrangement that allows either party to switch its connection to an alternate communication path. (App A Objective 6:6c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Network equipment, connectivity, and communication needs, including entity-owned and personal mobile devices. (App A Objective 8:1h, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Implements redundant telecommunications services and establishes work-around procedures for situations where needed. (App A Objective 13:3q, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The telecommunications architecture should have resiliency and redundancy built in. The telecommunications services should have an alternate path available in case the primary path is blocked. (Pg 28, Exam Tier I Obj 8.3, Exam Tier II Q D.1, FFIEC IT Examination Handbook - Operations, July 2004)
  • Evaluate the adequacy of the ACH contingency plan; determine whether the financial institution has tested it and whether it includes provisions for partial or complete failure of the system or communication lines between the institution, ACH operators, customers, and associated data centers. (App A Tier 2 Objectives and Procedures L.1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • LANs and WANs are two types of telecommunications systems. Considerations provided in section 5.2.1 regarding client/server systems should be used by the Information System Contingency Plan Coordinator, along with the following practices, to develop the telecommunications recovery strategy: document… (§ 5.3, § 5.3.1, Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft))