Back

Monitor and review environmental protections.


CONTROL ID
12571
CONTROL TYPE
Monitor and Evaluate Occurrences
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Employ environmental protections., CC ID: 12570

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The environmental parameters are monitored. If the tolerable control range is exceeded from below or above, alarm messages are generated and forwarded to the responsible bodies. (Section 5.5 PS-03 Description of additional requirements (availability) ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • The supply of the computing centres (e. g. water, electricity, temperature and moisture control, telecommunications and Internet connection) is secured, monitored and is maintained and tested at regular intervals in order to guarantee continuous effectiveness. It has been designed with automatic fai… (Section 5.14 BCM-05 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Design and implement measures for protection against environmental factors. Install specialised equipment and devices to monitor and control the environment. (DS12.4 Protection Against Environmental Factors, CobiT, Version 4.1)
  • Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals. (DCS-14, Cloud Controls Matrix, v4.0)
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives. (A1.2 ¶ 1, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Detected environmental threat events are communicated to and reviewed by the individuals responsible for the management of the system and actions are taken, if necessary. (A1.2 ¶ 2 Bullet 6 Communicates and Reviews Detected Environmental Threat Events, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Detected environmental threat events are communicated to and reviewed by the individuals responsible for the management of the system, and actions are taken, if necessary. (A1.2 Communicates and Reviews Detected Environmental Threat Events, Trust Services Criteria)
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. (A1.2, Trust Services Criteria)
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives. (A1.2 ¶ 1, Trust Services Criteria, (includes March 2020 updates))
  • Detected environmental threat events are communicated to and reviewed by the individuals responsible for the management of the system and actions are taken, if necessary. (A1.2 ¶ 2 Bullet 6 Communicates and Reviews Detected Environmental Threat Events, Trust Services Criteria, (includes March 2020 updates))
  • Environmental protections, software, data backup processes, and recovery infrastructure are authorized, designed, developed, implemented, operated, approved, maintained, and monitored to meet the entity’s availability commitments and system requirements. (A1.2, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Evaluation of all systems for their advantages and disadvantages. (App A Objective 13:9b Bullet 6, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)