|
Initiation responsibility: Head of IT Section; IT Security Management; staff responsible for the individual IT applications
Implementation responsibility: Head of IT Section; staff responsible for emergency preparedness (contingency planning); administrator
In order to ensure correct restart after failure of an IT system, the following information should be documented (see example in S 6.3 Development of an Emergency Procedure Manual, Part C).
The steps required for restarting an IT application should be shown in the Contingency Manual (c.f. example in S 6.3 Development of an Emerngency Procedure Manual, Part D). Such steps include, for example:
Auditable logging of the restart must be ensured.
The feasibility of the post-incident recovery plan is to be checked by emergency preparedness exercises (for both internally and externally available alternatives). When carrying out such tests, particular attention must be given to the exclusive use of the software and data held in internal or external backup archives.
Depending on the size of the used IT applications, restart can be very time-consuming. The times required by the restarting steps can be ascertained with the help of such emergency routines, and must be taken into account when reviewing the restart plan.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |