Back

Include affected party’s needs and interests in the scope of the continuity framework.


CONTROL ID
12698
CONTROL TYPE
Systems Continuity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish and maintain the scope of the continuity framework., CC ID: 11908

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Have you determined the needs and expectations of interested parties that are relevant to the BCMS? Do you review these on a regular basis? (Context of the organization ¶ 3, ISO 22301: Self-assessment questionnaire)
  • Are there documented plans/procedures for restoring business operations after an incident? Do they reflect the needs of those who will use them and contain all the essential information they need? (Operation ¶ 26, ISO 22301: Self-assessment questionnaire)
  • the relevant requirements of these interested parties. (§ 4.2.1 ¶ 1 b), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • its mission, goals, and internal and external obligations. (§ 4.3.1 ¶ 2 c), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response. (§ 8.2 ¶ 1 g), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • the needs and expectations of interested parties; (§ 9.3 ¶ 2 b) 1), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • Provide prioritized tailored support to health facilities based on IPC risk assessment and local care-seeking patterns, including for supplies, human resources, training (Pillar 6 Step 3 Action 2, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • It is critical to communicate to the public what is known about COVID-19, what is unknown, what is being done, and actions to be taken on a regular basis. Preparedness and response activities should be conducted in a participatory, community-based way that are informed and continually optimized acco… (Pillar 2: Risk communication and community engagement, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Healthcare facilities should prepare for large increases in the number of suspected cases of COVID-19. Staff should be familiar with the suspected COVID-19 case definition, and able to deliver the appropriate care pathway. Patients with, or at risk of, severe illness should be given priority over mi… (Pillar 7: Case management, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)
  • Risk management represents the third step in the business continuity planning process. It is defined as the process of identifying, assessing, and reducing risk to an acceptable level through the development, implementation, and maintenance of a written, enterprise-wide BCP. The BCP should be: - Bas… (Business Continuity Plan Development, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Management should develop business continuity plan(s) (BCP) with sufficient detail in relation to the entity's size and complexity. The BCP should address key business needs and incorporate inputs from all business units. (V Action Summary ¶ 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • An information system can be very complex and often supports multiple mission/business processes, resulting in different perspectives on the importance of system services or capabilities. To accomplish the BIA and better understand the impacts a system outage or disruption can have on the organizati… (§ 3.2.1 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))