Back

Establish, implement, and maintain environmental control procedures.


CONTROL ID
12246
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an environmental control program., CC ID: 00724

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Also, it is necessary to fully check visitors in the front chamber as well as preventing external heat, humidity, and dust from entering. (F27.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To prevent the computer systems from failure, the air-conditioning facilities should be provided with an adequate margin of capacity to control temperature and humidity to appropriate levels for the equipment installed in the computer room. (F72.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • For preventive maintenance of computer systems and identification of possible causes in the event of failure, it is recommended to install automatic temperature and humidity recorders or alarm systems for any exceptional temperature/humidity. When installing automatic temperature and humidity record… (F131.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • be flexible to respond to unanticipated threats and changing internal and external conditions, (§ 8.4.1 ¶ 3 c), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • Procedures are in place for responding to environmental threat events and for evaluating the effectiveness of those policies and procedures on a periodic basis. This includes automatic mitigation systems (for example, uninterruptable power system and generator backup subsystem). (A1.2 ¶ 2 Bullet 5 Responds to Environmental Threat Events, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Procedures are in place for responding to environmental threat events and for evaluating the effectiveness of those policies and procedures on a periodic basis. This includes automatic mitigation systems (for example, uninterruptable power system and generator back-up subsystem). (A1.2 Responds to Environmental Threat Events, Trust Services Criteria)
  • Procedures are in place for responding to environmental threat events and for evaluating the effectiveness of those policies and procedures on a periodic basis. This includes automatic mitigation systems (for example, uninterruptable power system and generator backup subsystem). (A1.2 ¶ 2 Bullet 5 Responds to Environmental Threat Events, Trust Services Criteria, (includes March 2020 updates))