APO13.02 Define and Manage an Information Security and Privacy Risk Treatment Plan
Translate business information requirements, IT configuration, information risk action plans, and information security culture into an overall IT security plan. The plan is implemented in security policies and procedures together with appropriate investments in services, personnel, software, and hardware. Security policies and procedures are communicated to stakeholders and users.
Illustrative Controls and the TIBCO LogLogic Solution
Policies and procedures addressing backup and restoration activities must be documented, communicated, and updated to ensure guidance reflects current business conditions.
To satisfy this control objective, appropriate users must periodically access, review, and update all policies and procedures. A lack of access to these policies and procedures indicates that they have not been regularly reviewed and updated.
Verify that IT Continuity and Security Plans have been reviewed periodically by authorized personnel.
Reports and Filter Bloks
Use the following link or reference to see the APO13.02 reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.