Back

Include emergency operating procedures in the continuity plan.


CONTROL ID
11694
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system continuity plan strategies., CC ID: 00735

This Control has the following implementation support Control(s):
  • Include a system acquisition process for critical systems in the emergency mode operation plan., CC ID: 01369


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • What operational procedures may need to be altered, amended, or suspended, such as those over facilities, visitors, and non-essential activities and events (4.4(g), Pandemic Response Planning Policy)
  • Emergency Operation Centers (EOCs) should be provided by the service provider at the recovery sites to allow organizations to supervise and maintain communications with their business units and external parties during a failure or disaster. Basic equipment and supplies should be provided to operate … (§ 6.11, ISO 24762 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, 2008)
  • Support access to water and sanitation for health (WASH) services in public places and community spaces most at risk (Pillar 6 Step 2 Action 5, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Prepare rapid health assessment/isolation facilities to manage ill passenger(s) and to safely transport them to designated health facilities (Pillar 4 Step 2 Action 2, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Interfaces capable of human user access are local user interfaces such as touchscreens, push buttons, keyboards, etc. as well as network protocols designed for human user interactions such as hypertext transfer protocol (HTTP), HTTP secure (HTTPS), file transfer protocol (FTP), secure FTP (SFTP), pr… (5.3.2 ¶ 2, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • § 5.10 The organization must develop a communications system and test it regularly to support the disaster/emergency management and business continuity program. The organization must develop communications procedures and exercise them regularly to support the program. The capability to alert offici… (§ 5.10, § 5.12.1, Annex A.5.12.1, Disaster / Emergency Management and Business Continuity, NFPA 1600, 2007 Edition)
  • Explain actions to be taken in specific emergencies; (TIER I OBJECTIVES AND PROCEDURES Business Continuity Planning (BCP) - General Objective 5:1 Bullet 4 Sub-Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Alternatives for payment systems, facilities and infrastructure, data center(s), and branch relocation during a disaster. (V Action Summary ¶ 2 Bullet 4, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)