Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

pe-13(1)

fire protection  | detection devices / systems

assessment objective:

Determine if the organization:  

pe-13(1)[1]  

defines personnel or roles to be notified in the event of a fire;

pe-13(1)[2]

defines emergency responders to be notified in the event of a fire;

pe-13(1)[3]

employs fire detection devices/systems for the information system that, in the event of a fire,:

pe-13(1)[3][a]

activate automatically;

pe-13(1)[3][b]

notify organization-defined personnel or roles; and

pe-13(1)[3][c]

notify organization-defined emergency responders.

potential assessment methods and objects:

Examine: [select from: Physical and environmental protection policy; procedures addressing fire protection; facility housing the information system; alarm service-level agreements; test records of fire suppression and detection devices/systems; fire suppression and detection devices/systems documentation; alerts/notifications of fire events; other relevant documents or records].

Interview: [select from: Organizational personnel with responsibilities for fire detection and suppression devices/systems; organizational personnel with responsibilities for notifying appropriate personnel, roles, and emergency responders of fires; organizational personnel with information security responsibilities].

Test: [select from: Automated mechanisms supporting and/or implementing fire detection devices/systems; activation of fire detection devices/systems (simulated); automated notifications].