S 6.11 Development of a post-incident recovery plan

Initiation responsibility: Head of IT Section; IT Security Management; staff responsible for the individual IT applications

Implementation responsibility: Head of IT Section; staff responsible for emergency preparedness (contingency planning); administrator

In order to ensure correct restart after failure of an IT system, the following information should be documented (see example in S 6.3 Development of an Emergency Procedure Manual, Part C).

• Repurchase opportunities, e.g. the use of a test computer for interactive communication or replacement procurement (c.f. S 6.14 Replacement procurement plan),

• internal/external alternatives for IT applications should be listed (c.f. S 6.6 Study of internally and externally available alternatives);

• data transmission supply (c.f. S 6.10 Contingency plans for breakdown of data transmission) for emergency operation in order to guarantee the minimum data transmission required,

• IT applications in reduced IT operations (c.f. S 6.5 Definition of "restricted IT operation"),

• system start-up of the IT components and inclusion into the IT system,

• In order to meet the availability requirements (cf. S 6.1 Development of a survey of availability requirements) of the various IT applications, a sequence for restart of the IT applications must be laid down.

The steps required for restarting an IT application should be shown in the Contingency Manual (c.f. example in S 6.3 Development of an Emerngency Procedure Manual, Part D). Such steps include, for example:

• set-up and installation of the required hardware components;

• Loading of the system software

• installation of the application software;

• provision of the necessary data, including configuration files;

• Restarting

Auditable logging of the restart must be ensured.

The feasibility of the post-incident recovery plan is to be checked by emergency preparedness exercises (for both internally and externally available alternatives). When carrying out such tests, particular attention must be given to the exclusive use of the software and data held in internal or external backup archives.

Depending on the size of the used IT applications, restart can be very time-consuming. The times required by the restarting steps can be ascertained with the help of such emergency routines, and must be taken into account when reviewing the restart plan.

Additional controls:

• Does the post-incident recovery plan meet the requirements of the current IT procedures?

• Has the restart plan been tested?

• Have the time targets for restart been agreed upon with the specialised units?