S 6.7 Responsibilities in an emergency

Initiation responsibility: Agency/company management

Implementation responsibility: Head of IT Section; Head of Organisational Section; IT Security Management; staff responsible for the individual IT applications

An emergency organisation of limited duration may be required for the period following the occurrence of a damaging incident up to the full restoration of availability.

It is necessary to designate individuals who are authorised to determine the existence of an emergency and who can initiate the appropriate measures in the Contingency Manual (cf. S 6.2 Definition of emergency, person-in-charge in an emergency). The organisational units involved in the implementation of contingency preparedness measures must be authorised to carry out the tasks entrusted to them under their own responsibility. The regulations required to this end must be laid down in writing. Such an "emergency organigram" (organisational chart) must be approved by the agency/company management.

Additional controls:

• Is a description of the emergency organisation available?

• Are all persons and organisational units stated in the Manual aware of the emergency organisation?

• When was its last up-dating?

• Who co-ordinates which measures?