Establish, implement, and maintain physical access controls for alternate facilities.

Back

CONTROL ID
13226

CONTROL TYPE
Physical and Environmental Protection

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Prepare the alternate facility for an emergency offsite relocation., CC ID: 00744

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives. (A1.2 ¶ 1, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus â 2022))
The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. (A1.2, Trust Services Criteria)
The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data backup processes, and recovery infrastructure to meet its objectives. (A1.2 ¶ 1, Trust Services Criteria, (includes March 2020 updates))
Determine whether appropriate physical and logical access controls have been considered and planned for the inactive production system when processing is temporarily transferred to an alternate facility. (TIER I OBJECTIVES AND PROCEDURES BCP - Security Issues Objective 7:2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
Describe how financial institution management ensures that appropriate physical security controls exist at the RDC customer location, such as: (App A Tier 2 Objectives and Procedures N.7 Bullet 1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)