Back

Lead or manage business continuity and system continuity, as necessary.


CONTROL ID
12240
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan., CC ID: 00752

This Control has the following implementation support Control(s):
  • Allocate financial resources to implement the continuity plan, as necessary., CC ID: 12993
  • Allocate personnel to implement the continuity plan, as necessary., CC ID: 12992


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Based on their BIAs, financial institutions should establish plans to ensure business continuity (business continuity plans, BCPs), which should be documented and approved by their management bodies. The plans should specifically consider risks that could adversely impact ICT systems and ICT service… (3.7.2 80, Final Report EBA Guidelines on ICT and security risk management)
  • Have measureable business continuity (BC) objectives been established, documented and communicated throughout the organization with a plan to achieve them? (Planning ¶ 3, ISO 22301: Self-assessment questionnaire)
  • A set of indicators to management that will aid them in selecting an appropriate level of response bringing into effect the related policies discussed in section 4.4—for the organization. There should be a graduated level of response related to the WHO pandemic alert level or other authoritative i… (4.5, Pandemic Response Planning Policy)
  • Ensure enterprise architects are including pandemic contingency in planning (4.10(a), Pandemic Response Planning Policy)
  • - ensuring that policies and objectives are established for the business continuity management system and are compatible with the strategic direction of the organization, - ensuring the integration of the business continuity management system requirements into the organization’s business processes… (§ 5.2 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • Top management shall provide evidence of its commitment to the establishment, implementation, operation, monitoring, review, maintenance, and improvement of the BCMS by - establishing a business continuity policy, - ensuring that BCMS objectives and plans are established, - establishing roles, respo… (§ 5.2 ¶ 2, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the BCMS. (§ 7.1 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • directing and supporting persons to contribute to the effectiveness of the BCMS; (§ 5.1 ¶ 1 f), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Risk management represents the third step in the business continuity planning process. It is defined as the process of identifying, assessing, and reducing risk to an acceptable level through the development, implementation, and maintenance of a written, enterprise-wide BCP. The BCP should be: - Bas… (Business Continuity Plan Development, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Board expectations for overall business continuity capabilities, including guidelines to achieve defined business continuity objectives. (VII Action Summary ¶ 2 Bullet 11, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Verify that the BCP includes procedures for coordination with the first responders and local and state government agencies, when appropriate. (App A Objective 8:6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Coordination with regulatory agencies, local and state officials, law enforcement, and first responders. (App A Objective 8:13a, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)