DS5.2 IT Security Plan
Translate business information requirements, IT configuration, information risk action plans and information security culture into an overall IT security plan. The plan is implemented in security policies and procedures together with appropriate investments in services, personnel, software and hardware. Security policies and procedures are communicated to stakeholders and users.
Illustrative Controls and the TIBCO LogLogic Solution
Policies and procedures addressing backup and restoration activities must be documented, communicated, and updated to ensure guidance reflects current business conditions.
To satisfy this control objective, all policies and procedures must be accessed, reviewed, and updated periodically by appropriate users. Lack of access to these policies and procedures should indicate that they have not been regularly reviewed and updated.
Verify that IT Continuity and Security Plans have been reviewed periodically by authorized personnel.