Framework for Voluntary Preparedness - Association of Contingency ...
Appendix D
CROSSWALK OF RELEVANT REGULATIONS
Framework For Voluntary Preparedness

Core Elements SEC NASD HIPAA FFIEC NERC
Policy statement and management commitment
Scope, program roles, responsibilities, and resources
Risk identification, assessments and criticality impact analyses, including legal and other requirements
Prevention and Mitigation Evaluation and Planning
• Strategic: prioritization, objectives, targets and dependencies
• Tactical: plans for avoidance, prevention, deterrence, readiness, mitigation, response, continuity, and recovery
Incident management (procedures and controls before, during and after a disruption, including emergency management of people, business operations and technology)
• Operational procedures and contingency plans
• Communications and warning
• Application and business function resiliency
• Document, information and data control and backup
• Execution resources, responsibilities and finances
Recovery
• Rebuild, repair, restore, renovate
Awareness and training
Exercises and testing
• Post-mortem learning
Program revision and improvement
• Corrective actions

Non-Core Elements Specific to Regulated Industries SEC NASD HIPAA FFIEC NERC
• Emergency Mode Operation Plan (security)
• Enterprise wide
• Independent Audit
• Insurance Planning