CP-03 Contingency Training

Control: The organization trains personnel in their contingency roles and responsibilities with respect to the information system and provides refresher training [Assignment: organization- defined frequency, at least annually].

Supplemental Guidance: None.

Control Enhancements:

(1) The organization incorporates simulated events into contingency training to facilitate effective response by personnel in crisis situations.

(2) The organization employs automated mechanisms to provide a more thorough and realistic training environment.

Baseline: LOW Not Selected MOD CP-3 HIGH CP-3 (1)

Family: Contingency Planning

Class: Operational

ISO 17799 mapping: 14.1.3, 14.1.4

COBIT 4.1 mapping: DS4.6

PCI-DSS v2 mapping: 12.9.4