This Control directly supports the implied Control(s):
Establish and maintain the staff structure in line with the strategic plan., CC ID: 00764
This Control has the following implementation support Control(s):
Rotate duties amongst the critical roles and positions., CC ID: 06554
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Each relevant business and support function should establish a business recovery team which may have sub-teams to carry out the business resumption process. Appropriate recovery personnel with the required knowledge and skills should be assigned to the teams. AIs should ensure that alternate recover… (4.3.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-G-2 Business Continuity Planning, V.1 - 02.12.02)
There also needs to be a periodic rotation of duties among users or personnel as a prudent risk measure. (Critical components of information security 7) (iv), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
Implementation of rotation of duties. (App A Objective 14:4e, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
