Back

Include reconciling transaction data in the business continuity testing strategy.


CONTROL ID
13260
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a business continuity testing policy., CC ID: 13235

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The ability to reconcile transaction data; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 1 Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Whether continuity arrangements continue to operate until all pending transactions are closed. (TIER I OBJECTIVES AND PROCEDURES Testing With Third-Party Service Providers Objective 12: Testing Expectations for Core Firms and Significant Firms 7 Bullet 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Process transactions and assess system functionality. (App A Objective 10:15c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Completing actual transactional volumes or an illustrative subset. (App A Objective 10:16i, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Whether continuity arrangements continue to operate until all pending transactions are closed. (App A Objective 10:25f, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Whether the significant firm participates in industry (e.g., U.S. Department of the Treasury's Hamilton Series and FS-ISAC's CAPS exercises) or cross-market tests sponsored by core firms, markets, or trade associations. Tests should incorporate verifying the connectivity from alternate sites and inc… (App A Objective 10:27b, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Ability to recover transaction data and supporting books and records based on retail payment system business line requirements and time lines. (App A Tier 1 Objectives and Procedures Objective 3:3 Bullet 1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Integration with enterprise-wide BCP. (App A Tier 2 Objectives and Procedures N.1 Bullet 4 Sub-Bullet 11, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)