| Control | Description |
| --- | --- |
| Business Continuity Plan (BCP) | A formal Business Continuity Plan which includes processes to address all mission-critical business processes. |
| Change Management | A formal change management process to ensure that all changes to systems, networks, and processes are appropriately reviewed and approved. |
| Disaster Recovery Plan (DRP) | A formal Disaster Recovery Plan which includes processes to ensure that the critical business processes will continue to operate if there is a failure of one or more information processing or telecommunication resources. |
| Security Policies | Documented and written policies, guidelines, and procedures for safe handling and protection of data. |
| Security Training | An information security awareness program and security awareness training mandatory for all employees. Role-specific security training for personnel that is relevant to their business function. |
| Background Checks | Documented process for background screenings or background checks for all employees with access to institutional data. |