Back

Establish, implement, and maintain physical access controls for alternate facilities.


CONTROL ID
13226
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Prepare the alternate facility for an emergency offsite relocation., CC ID: 00744

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. (A1.2, Trust Services Criteria)
  • The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives. (A1.2 ΒΆ 1, Trust Services Criteria, (includes March 2020 updates))
  • Determine whether appropriate physical and logical access controls have been considered and planned for the inactive production system when processing is temporarily transferred to an alternate facility. (TIER I OBJECTIVES AND PROCEDURES BCP - Security Issues Objective 7:2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Describe how financial institution management ensures that appropriate physical security controls exist at the RDC customer location, such as: (App A Tier 2 Objectives and Procedures N.7 Bullet 1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)