Back

Include business units in the scope of the continuity framework.


CONTROL ID
11898
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish and maintain the scope of the continuity framework., CC ID: 11908

This Control has the following implementation support Control(s):
  • Include business functions in the scope of the continuity framework., CC ID: 12699


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • links between the business continuity policy and the organization’s objectives and other policies, including its overall risk management strategy; and (§ 4.1 ¶ 3 b), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • establish the parts of the organization to be included in the BCMS, (§ 4.3.2 ¶ 1 a), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • {activation procedures} {communication procedures} {internal interdependencies} {internal interactions} {external interactions} {information flow processes} Each plan shall define - purpose and scope, - objectives, - activation criteria and procedures, - implementation procedures, - roles, responsib… (§ 8.4.4 ¶ 3, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • establish the parts of the organization to be included in the BCMS, taking into account its location(s), size, nature and complexity; (§ 4.3.2 ¶ 1 a), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Determine whether the board and senior management has ensured that integral groups are involved in the business continuity process (e.g. business line management, risk management, IT, facilities management, and audit). (TIER I OBJECTIVES AND PROCEDURES Board and Senior Management Oversight Objective 2:3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Identification of interdependencies across business units. (III.A Action Summary ¶ 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Management should develop business continuity plan(s) (BCP) with sufficient detail in relation to the entity's size and complexity. The BCP should address key business needs and incorporate inputs from all business units. (V Action Summary ¶ 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)