Back

Implement a staff rotation plan.


CONTROL ID
12772
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain the staff structure in line with the strategic plan., CC ID: 00764

This Control has the following implementation support Control(s):
  • Rotate duties amongst the critical roles and positions., CC ID: 06554


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Each relevant business and support function should establish a business recovery team which may have sub-teams to carry out the business resumption process. Appropriate recovery personnel with the required knowledge and skills should be assigned to the teams. AIs should ensure that alternate recover… (4.3.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-G-2 Business Continuity Planning, V.1 - 02.12.02)
  • There also needs to be a periodic rotation of duties among users or personnel as a prudent risk measure. (Critical components of information security 7) (iv), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Implementation of rotation of duties. (App A Objective 14:4e, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)