Back

Include incident management procedures in the continuity plan.


CONTROL ID
13244
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan., CC ID: 00752

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Restoration procedures, manual temporary solutions and reference information (by taking the prioritisation into account for the recovery of cloud infrastructure components and services as well as orienting to customers) (Section 5.14 BCM-03 Basic requirement ¶ 1 Bullet 5, Cloud Computing Compliance Controls Catalogue (C5))
  • Does the BC strategy provide for mitigating, responding to and managing impacts? (Operation ¶ 12, ISO 22301: Self-assessment questionnaire)
  • Is there a procedure for detecting and monitoring incidents, which includes recording vital information, actions taken and decisions made? (Operation ¶ 22, ISO 22301: Self-assessment questionnaire)
  • The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. (S7.4 Continuity of physical and environmental protections, Privacy Management Framework, Updated March 1, 2020)
  • details to manage the immediate consequences of a disruption giving due regard to: (§ 8.4.4.2 d), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • be specific regarding the immediate steps that are to be taken during a disruption; (§ 8.4.1 ¶ 3 a), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • be flexible to respond to the changing internal and external conditions of a disruption; (§ 8.4.1 ¶ 3 b), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • reference to the pre-defined threshold(s) and process for activating the response; (§ 8.4.4.2 b), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • The organization shall document and maintain business continuity plans and procedures. The business continuity plans shall provide guidance and information to assist teams to respond to a disruption and to assist the organization with response and recovery. (§ 8.4.4.1, ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Crisis management (responsibility for disaster declaration and dealing with outside parties); (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:5 Bullet 5, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • The following policies, standards, and processes should be integrated into the business continuity planning process: - Security Standards; - Project Management; - Change Control Policies; - Data Synchronization Procedures; - Crises Management; - Incident Response; - Remote Access; - Employee Trainin… (Other Policies, Standards and Processes, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Communications protocols, event management, business continuity, and disaster recovery. (V Action Summary ¶ 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Aligns incident response procedures with other related processes (e.g., cybersecurity, network operations, and physical security). (App A Objective 8:10a, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Considers incident response procedures during the development of the business continuity strategy. (App A Objective 8:10b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Leverages routine processes (e.g., vulnerability management and network monitoring) to anticipate potential incidents, including cyber incidents. (App A Objective 8:10c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Determine whether the BCP includes event management procedures that detail reasonably foreseeable event types, and those procedures include threshold metrics and response methods. (App A Objective 8:3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Evaluate whether management integrates the entity's AIO functions into the entity's BCM program to mitigate threats, respond to and recover from disruptions, and incorporate lessons learned to strengthen the entity's resilience. (App A Objective 8:1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., FedRAMP Security Controls High Baseline, Version 5)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., FedRAMP Security Controls Low Baseline, Version 5)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Coordinate incident handling activities with contingency planning activities; (IR-4b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., TX-RAMP Security Controls Baseline Level 1)
  • Coordinates incident handling activities with contingency planning activities; and (IR-4b., TX-RAMP Security Controls Baseline Level 2)