Back

Evaluate the effectiveness of auditors reviewing and testing the business continuity program.


CONTROL ID
13212
CONTROL TYPE
Investigate
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Involve auditors in reviewing and testing the business continuity program., CC ID: 13211

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Has the organization established a program for internal audits of the BCMS? (Performance evaluation ΒΆ 4, ISO 22301: Self-assessment questionnaire)
  • Determine whether audit involvement in the business continuity program is effective, including: (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:11, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether the board or management validates that the auditor is qualified to carry out the review and is independent of the business continuity or related functions. (App A Objective 3:4, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)