Back

Include addressing telecommunications circuit diversity in the business continuity testing strategy.


CONTROL ID
13252
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a business continuity testing policy., CC ID: 13235

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Incorporating the results of telecommunications diversity assessments and confirming telecommunications circuit diversity; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 2 Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Testing critical applications, recovery of data, failover of the network, and resilience of telecommunications links; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether management considers, plans for, and prepares multiple mechanisms to communicate with personnel and other stakeholders while maintaining appropriate controls to safeguard customer information. Other stakeholders could include: (App A Objective 7:1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Developing guidelines, commensurate with the entity's size, complexity, and risk profile, to diversify connections to mitigate the risk of a telecommunications failure. (App A Objective 6:6e, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Simultaneous disruptions of telecommunications and electronic messaging, including between the entity and third-party service providers. (App A Objective 8:13c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Develop exercises that demonstrate not only the ability to failover to an alternate site but also validate recovery objectives. (App A Objective 10:13c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Testing communication and remote access capability (e.g., switching to alternate equipment or telecommuting). (App A Objective 10:17g, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)