|
Initiation responsibility: Agency/company management; IT Security Management
Implementation responsibility: Head of IT Section; staff responsible for emergency preparedness (contingency planning); Administrators
Emergency preparedness exercises serve to check the effectiveness of measures in the field of contingency planning. On the one hand, the effective and smooth execution of a contingency plan will be tested in an emergency preparedness exercise, and on the other hand, previously undiscovered shortcomings will be detected. Typical exercises are:
The results of an emergency preparedness exercise must be documented.
Emergency preparedness exercises are to be held at regular intervals. Since such exercises can have a disruptive effect on normal operations, their frequency should be geared to the threat scenario; however, the pertinent exercises should, as a minimum, be held once a year. Staff training activities (first-aid, fire-fighting, etc.) must be carried out to a necessary extent.
Before an emergency preparedness exercise is held, prior approval must be obtained from the agency/company management.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |