Back

Identify all stakeholders in the continuity plan.


CONTROL ID
13256
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a continuity plan., CC ID: 00752

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • internal and external interdependencies; (§ 8.4.4.3 e), ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements, Second Edition)
  • Participants' roles and responsibilities, defined decision makers, and rotation of test participants; (TIER II OBJECTIVES AND PROCEDURES Test Planning Objective 2: Plans: How the institution conducts Testing 1 Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • The financial institution's relationship with the RDC service provider and BCP assurance. (App A Tier 2 Objectives and Procedures N.13 Bullet 1 Sub-Bullet 1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • The financial institution's relationship with the RDC customer. (App A Tier 2 Objectives and Procedures N.13 Bullet 1 Sub-Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Personnel to be notified should be clearly identified in the contact lists appended to the plan. This list should identify personnel by their team position, name, and contact information (e.g., home, work, cell phone, email addresses, and home addresses). An entry may resemble the following format: (§ 4.2.2 ¶ 5, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))