
Define target resolution times for incident response in the Incident Response program.


CONTROL ID: 13072
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program. (CC ID: 00579)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • To facilitate the classification process, the FI should clearly define criteria to categorise problems by severity level. To effectively monitor and escalate problems, the FI should establish target resolution time as well as appropriate escalation processes for each severity level. (§ 7.4.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Determination of the maximum acceptable duration of malfunctions (Section 5.14 BCM-02 Basic requirement ¶ 2 Bullet 6, Cloud Computing Compliance Controls Catalogue (C5))
  • The goals of the incident response plan; (Section 4.H(2)(b), Insurance Data Security Model Law, NAIC MDL-668, Q4 2017)
  • Target resolution time frame. (App A Objective 16:3b Bullet 9, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The goals of the incident response plan; (§ 314.4 ¶ 1(h)(1), 16 CFR Part 314, Standards for Safeguarding Customer Information, Final Rule, Amended February 15, 2022)
  • To determine how the ISCP will be implemented following a system disruption or outage, it is essential to assess the nature and extent of the disruption. The outage assessment should be completed as quickly as the given conditions permit, with personnel safety remaining the highest priority. When po… (§ 4.2.3 ¶ 1, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))
  • The goals of the incident response plan. (Section 27-62-4(h)(2) b., Code of Alabama, Title 27, Chapter 62, Sections 1-11, Insurance Data Security Law)
  • The goals of such incident response plan; (Part VI(c)(8)(B)(ii), Connecticut General Statutes, Title 38a, Chapter 697, Part VI, Section 38a-38, Insurance Data Security Law)
  • The goals of the incident response plan. (§ 8604.(h)(2) b., Delaware Code, Title 18, Chapter 86, Sections 8601-8611, Insurance Data Security Act)
  • The goals of the incident response plan; (§431:3B-207(b)(2), Hawaii Revised Statute, Volume 9, Chapter 431, Article 3B, Sections 101-306, Insurance Data Security Law)
  • The goals of the incident response plan. (Sec. 20.(b)(2), Indiana Code, Title 27, Article 2, Chapter 27, Sections 1-32, Insurance Data Security)
  • The goals of the licensee’s incident response plan. (507F.4 7.b., Iowa Code, Title XIII, Chapter 507F, Sections 1-16, Insurance Data Security)
  • The goals of the incident response plan. (§2504.H.(2)(b), Louisiana Revised Statutes, Title 22, Chapter 21, Sections 2501-2511, Insurance Data Security)
  • The goals of the incident response plan; (§2264 8.B., Maine Revised Statutes, Title 24-A, Chapter 24-B, Sections 2261-2272, Maine Insurance Data Security Act)
  • The goals of the incident response plan. (Sec. 555.(8)(b), Michigan Compiled Laws, Chapter 5A Sections 550-565, Data Security)
  • the goals of the incident response plan; (§ 60A.9851 Subdivision 8(b)(2), Minnesota Statutes, Chapter 60A, Sections 985 - 9857, Information Security Program)
  • The goals of the incident response plan; (§ 83-5-807 (8)(b)(ii), Mississippi Code Annotated, Title 83, Chapter 5, Article 11, Sections 801 - 825, Insurance Data Security Law)
  • The goals of the incident response plan; (§ 420-P:4 VIII.(b)(2), New Hampshire Revised Statutes, Title XXXVIII, Chapter 420-P, Sections 1-14, Insurance Data Security Law)
  • the goals of the incident response plan; (§ 500.16 Incident Response Plan (b)(2), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies)
  • the goals of the incident response plan; (§ 500.16 Incident Response and Business Continuity Management (a)(1)(i), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)
  • The goals of the incident response plan; (26.1-02.2-03. 9.(2), North Dakota Century Code, Title 26.1, Chapter 26.1‑02.2, Sections 1-11, Insurance Data Security)
  • The goals of the incident response plan; (Section 3965.02 (H)(2)(b), Ohio Revised Code, Title 39, Chapter 3965, Sections 1-11, Cybersecurity Requirements For Insurance Companies)
  • the goals of the incident response plan; (SECTION 38-99-20. (H)(2)(b), South Carolina Code of Laws, Title 38, Chapter 99, Sections 10-100, Insurance Data Security Act)
  • The goals of the licensee's incident response plan; (§ 56-2-1004 (8)(B)(ii), Tennessee Code Annotated, Title 56, Chapter 2, Part 10, Sections 1-11, Insurance Data Security Law)
  • The goals of the incident response plan; (§ 38.2-623.G.2., Code of Virginia, Title 38.2, Chapter 6, Article 2, Sections 621-629, Insurance Data Security Act)
  • The goals of the incident response plan. (§ 601.952(5)(a), Wisconsin Statutes, Chapter 601, Subchapter IX, Sections 95-956, Insurance Data Security)