Back

Establish, implement, and maintain Memorandums Of Understanding for all alternate facilities.


CONTROL ID
11695
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Prepare the alternate facility for an emergency offsite relocation., CC ID: 00744

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • To minimise risks associated with changes, FIs should perform backups of affected systems or applications prior to the change. The FI should establish a rollback plan to revert to a former version of the system or application if a problem is encountered during or after the deployment. The FI should … (§ 7.1.6, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Environmental protections, software, data backup processes, and recovery infrastructure are authorized, designed, developed, implemented, operated, approved, maintained, and monitored to meet the entity’s availability commitments and system requirements. (A1.2, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Organizations may enter into a memorandum of understanding (MOU) with another organization that has a similar or identical configuration and back-up technologies to serve as each other's alternate site. With this agreement, the recovery sequence for applications from both organizations must be prior… (§ 3.4.3 ¶ 8 thru 9, Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft))
  • An MOU or an SLA for an alternate site should be developed specific to the organization's needs and the partner organization's capabilities. The legal department of each party must review and approve the agreement. In general, the agreement should address at a minimum, each of the following elements… (§ 3.4.3 ¶ 9, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • MOUs or vendor SLAs; (§ 3.6 ¶ 5 Bullet 4, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))