
Include procedures to preserve data before beginning the recovery process in the recovery plan.


CONTROL ID: 13292
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a recovery plan. (CC ID: 13288)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • In the case of 24-hour online operations, it is necessary to consider a function or system that can acquire data required for recovery during online operations without hindering online services. (P106.3. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In the case of a foreign subsidiary, under the scenario of the financial failure of the Group, recovery plans would normally be in place to enable repatriation of sufficient data/information to enable an orderly transition of operations (e.g. customer balances and transaction history). (Attachment B ¶ 19, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • identify alternative solutions and develop transition plans to enable the institution or payment institution to remove outsourced functions and data from the service provider and transfer them to alternative providers or back to the institution or payment institution or to take other measures that e… (4.15 107(b), Final Report on EBA Guidelines on outsourcing arrangements)
  • ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions. (§ 107(2)(d), UK Data Protection Act 2018 Chapter 12)
  • ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions. (§ 107(2)(d), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements. (CIS Control 11: Safeguard 11.3 Protect Recovery Data, CIS Controls, V8)
  • The organization has plans to identify, in a timely manner, the status of all transactions and member positions at the time of a disruption, supported by corresponding recovery point objectives. (PR.IP-4.3, CRI Profile, v1.2)
  • The recovery plan includes recovery of clearing and settlement activities after a wide-scale disruption with the overall goal of completing material pending transactions on the scheduled settlement date. (RC.RP-1.4, CRI Profile, v1.2)
  • The organization has plans to identify, in a timely manner, the status of all transactions and member positions at the time of a disruption, supported by corresponding recovery point objectives. (PR.IP-4.3, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • The recovery plan includes recovery of clearing and settlement activities after a wide-scale disruption with the overall goal of completing material pending transactions on the scheduled settlement date. (RC.RP-1.4, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • One or more processes to preserve data, per Cyber Asset capability, for determining the cause of a Cyber Security Incident that triggers activation of the recovery plan(s). Data preservation should not impede or restrict recovery. (CIP-009-6 Table R1 Part 1.5 Requirements ¶ 1., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Recovery Plans for BES Cyber Systems CIP-009-6, Version 6)