Back

Include a business continuity testing policy in the continuity plan, as necessary.


CONTROL ID
13234
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan., CC ID: 00752

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Have you devised and implemented a program to ensure the BCMS achieves its outcomes? (Operation ΒΆ 1, ISO 22301: Self-assessment questionnaire)
  • The organization establishes testing programs that include a range of scenarios, including severe but plausible scenarios (e.g., disruptive, destructive, corruptive) that could affect the organization's ability to service clients. (PR.IP-10.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Determine whether the institution has a business continuity testing policy that sets testing expectations for the enterprise-wide continuity functions, business lines, support functions, and crisis management. (TIER I OBJECTIVES AND PROCEDURES Risk Monitoring and Testing Objective 11: Testing Policy 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Scope and frequency of testing. (App A Objective 8:1j, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Confirm that exercise and test plans remain compatible with the BCP and the entity's infrastructure. (App A Objective 10:11f, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)