
Analyze the flow of information to ensure it is being received by the correct processes.


CONTROL ID: 12860
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain communication protocols. (CC ID: 12245)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • the internal and external communication links between the IT systems, (§ 7.4 ¶ 1 Bullet 4, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • the communication links in between and externally, (§ 8 Subsection 2 ¶ 1 Bullet 4, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Measures for ensuring correct addressing and correct transfer of information are implemented. (5.1.2 Requirements (should) Bullet 1, Information Security Assessment, Version 5.1)
  • Ensure that information flows seamlessly into processes for identifying and correcting action and control weaknesses, and apply necessary changes. (OCEG GRC Capability Model, v. 3.0, P8.4 Improve Capabilities, OCEG GRC Capability Model, v 3.0)
  • accurate and complete information is provided to the correct functions or areas of the organization to enable preventative, corrective and remedial action to be taken; (§ 9.1.7 ¶ 1 e), ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • A clear and timely escalation process should be adopted and communicated to ensure that all noncompliances are raised, reported and eventually escalated to relevant management, and that the compliance function is informed and able to support the escalation. Where appropriate, escalation should be to… (§ 10.1.2 ¶ 1, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • exercise its right and responsibility to determine and receive the information it requires, including determining the appropriate data collection methods, preparation and timely delivery of information; (§ 6.8.3.2.1 ¶ 1 f), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • accurate and complete information is provided to the correct functions or areas of the organization to enable preventive, corrective and remedial actions to be taken in a timely manner. (§ 9.1.4 ¶ 1 e), ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • accurate and complete information is provided to the correct functions or areas of the organization to enable preventive, corrective and remedial action to be taken in a timely manner. (§ 9.1.4 ¶ 1 e), ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)