S 6.4 Documentation on the capacity requirements of IT applications

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Head of IT Section; staff responsible for the individual IT applications

As regards internally and externally available alternatives to IT applications, the relevant capacity requirements are to be documented. These include:

• CPU power;

• disk capacities;

• data transmission speed; and

• speed of other hardware components (printer, document reader, etc.)

The capacity requirements of an IT application are to be reviewed to see whether they might be reduced for the duration of an emergency so as to allow restricted IT operations (e.g. reduction of the number of connected terminals). These restricted capacity requirements for an emergency must also be documented and up-dated.

Additional controls:

• Have capacity requirements been established for every IT application?

• Do these capacity requirements tally with the actual status regarding procedures?

• Have the IT applications been reviewed as regards reducing the capacity requirements?