Back

Include data recovery in the business continuity testing strategy.


CONTROL ID
13262
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a business continuity testing policy., CC ID: 13235

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The organization designs and tests its systems and processes to enable recovery of accurate data (e.g., material financial transactions) sufficient to support normal operations and obligations following a cybersecurity incident. (PR.IP-4.1, CRI Profile, v1.2)
  • The organization conducts and maintains backups of information and periodically conduct tests of backups to business assets (including full system recovery) to achieve cyber resilience. (PR.IP-4.2, CRI Profile, v1.2)
  • The organization designs and tests its systems and processes to enable recovery of accurate data (e.g., material financial transactions) sufficient to support normal operations and obligations following a cybersecurity incident. (PR.IP-4.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • The organization conducts and maintains backups of information and periodically conduct tests of backups to business assets (including full system recovery) to achieve cyber resilience. (PR.IP-4.2, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Testing critical applications, recovery of data, failover of the network, and resilience of telecommunications links; (TIER II OBJECTIVES AND PROCEDURES Testing Strategy Objective 1: Event Scenarios 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Returning to normal operations. (App A Objective 10:23g, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)