Security standards should be an integral part of the entire business continuity planning process. During a disaster, security becomes very important due to potential changes in the working environment, personnel, and equipment. Consequently, different security risks will emerge that should be considered during the risk assessment process. Ultimately, mitigating strategies should incorporate the various risks identified to ensure that adequate security controls are in place if an event triggers the implementation of the BCP. Additionally, security standards should be incorporated into the BCP training and testing program.Refer to the "Information Security Booklet" included in the FFIEC IT Examination Handbook for additional information.
Other Policies, Standards and Processes