Include addressing telecommunications circuit diversity in the business continuity testing strategy.


CONTROL ID: 13252
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a business continuity testing policy. (CC ID: 13235)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Incorporating the results of telecommunications diversity assessments and confirming telecommunications circuit diversity; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 2 Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Testing critical applications, recovery of data, failover of the network, and resilience of telecommunications links; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether management considers, plans for, and prepares multiple mechanisms to communicate with personnel and other stakeholders while maintaining appropriate controls to safeguard customer information. Other stakeholders could include: (App A Objective 7:1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Developing guidelines, commensurate with the entity's size, complexity, and risk profile, to diversify connections to mitigate the risk of a telecommunications failure. (App A Objective 6:6e, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Simultaneous disruptions of telecommunications and electronic messaging, including between the entity and third-party service providers. (App A Objective 8:13c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Develop exercises that demonstrate not only the ability to failover to an alternate site but also validate recovery objectives. (App A Objective 10:13c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Testing communication and remote access capability (e.g., switching to alternate equipment or telecommuting). (App A Objective 10:17g, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Two or more organizations with similar or identical system configurations and backup technologies may enter into a formal agreement to serve as alternate sites for each other or enter into a joint contract for an alternate site. This type of site is set up via a reciprocal agreement or memorandum of… (§ 3.4.3 ¶ 8, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))