IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.9 Contingency plans for selected incidents
Initiation responsibility: Head of IT Section; Head of Organisational
Section; IT Security Management; staff
responsible for the individual IT applications
Implementation responsibility: Staff responsible for emergency
preparedness(contingency planning)
Contingency plans contain instructions on action to be taken and rules of
conduct in case of specific damaging incidents. These are incidents
jeopardising parts of the IT system which are of vital importance. A
contingency plan is aimed at ensuring restoration of availability as quickly as
possible.
A contingency plan must also take account of the interaction of a damaging
incident and of the respective contingency measure taken. For instance, a fire
can be controlled by means of a sprinkler. However, the use of water can, in
its turn, give rise to new threats, e.g. to power supply, to data media archives,
etc.
Depending on the factors in the operational environment, contingency plans
will have to be established to provide against the following incidents:
- fire
- water ingress
- power failure
- failure of the air-conditioning system
- explosion
- breakdown of data transmission (cf. S 6.10)
- sabotage.
The effectiveness of contingency plans is to be verified by means of
emergency preparedness exercises (cf. S 6.12).
Additional controls:
- Do contingency plans exist?
- Has the effectiveness of contingency plans been verified?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000