Assess risks related to fault tolerance and redundancy of critical assets.


CONTROL ID: 13053
CONTROL TYPE: Systems Continuity
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Evaluate all possible continuity risks and impacts as a part of the continuity framework., CC ID: 06374

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • To achieve DC resiliency, the FI should assess the redundancy and fault tolerance in areas such as electrical power, air conditioning, fire suppression and data communications. (§ 10.3.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • diversification of data communications and network paths; (§ 8.5.2(a), Technology Risk Management Guidelines, January 2021)
  • Redundancy or fault-tolerant solutions should be implemented for IT systems which require high system availability. The FI should perform a periodic review of its IT system and network architecture design to identify weaknesses in the existing design. The review should include a mapping of internal … (§ 8.1.2, Technology Risk Management Guidelines, January 2021)
  • Financial institutions should ensure that their ICT systems and ICT services are designed and aligned with their BIA, for example with redundancy of certain critical components to prevent disruptions caused by events impacting those components. (3.7.1 79, Final Report EBA Guidelines on ICT and security risk management)
  • One or more evaluation criteria are established and used to make an initial assessment. Cyber resiliency can be evaluated in multiple ways, including: (3.2.2.3 ¶ 1, NIST SP 800-160, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Volume 2, Revision 1)