PR.AA-03.203

Has your organization implemented a process to ensure emergency access to critical safety systems for authorized personnel?

Explanation

This question assesses whether your organization has established procedures for authorized personnel to access critical accounts during emergencies when normal access methods might be unavailable. For example, during a system outage, ransomware attack, or when primary administrators are unavailable, designated personnel should still be able to access systems necessary for safety operations. Evidence could include documented emergency access procedures, a list of personnel authorized for emergency access, logs of emergency access testing exercises, or break-glass account management policies that detail how emergency credentials are secured, accessed, and audited after use.

Implementation Example

Ensure that authorized personnel can access accounts essential for protecting safety under emergency conditions.

ID: PR.AA-03.203

Context

Function: PR: PROTECT
Category: PR.AA: Identity Management, Authentication, and Access Control
Sub-Category: Users, services, and hardware are authenticated
