Back

Include testing peak transaction volumes from alternate facilities in the business continuity testing strategy.


CONTROL ID
13265
CONTROL TYPE
Testing
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a business continuity testing policy., CC ID: 13235

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Tests of the ability to support peak transaction volumes from back-up facilities for extended periods. (TIER II OBJECTIVES AND PROCEDURES Test Planning Objective 2: Scenarios - Test Content 2 Bullet 2, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether the core firm's testing strategy includes plans to test the ability of significant firms, which clear or settle transactions, to recover critical clearing and settlement activities from geographically dispersed back-up sites within a reasonable time frame. (TIER I OBJECTIVES AND PROCEDURES Testing With Third-Party Service Providers Objective 12: Testing Expectations for Core Firms and Significant Firms 8, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Backup sites are able to support typical payment and settlement volumes for an extended period. (App A Objective 10:24a, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Determine whether the core firm's testing strategy includes plans to test the ability of significant firms that clear or settle transactions to recover critical clearing and settlement activities from geographically dispersed backup sites within a reasonable time frame. (App A Objective 10:26, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Whether data recovery or reconstruction to restart payment and settlement functions can be completed within the time frames defined by the BCM process and applicable industry standards. (App A Objective 10:25e, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Information relative to the volume and importance of the retail payment system activity to the institution's overall operation. (App A Tier 2 Objectives and Procedures E.1 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Two or more organizations with similar or identical system configurations and backup technologies may enter into a formal agreement to serve as alternate sites for each other or enter into a joint contract for an alternate site. This type of site is set up via a reciprocal agreement or memorandum of… (§ 3.4.3 ¶ 8, NIST SP 800-34, Contingency Planning Guide for Federal Information Systems, Rev. 1 (Final))