IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.12 Emergency preparedness exercises
Initiation responsibility: Agency/company management; IT Security
Management
Implementation responsibility: Head of IT Section; staff responsible for
emergency preparedness (contingency
planning); Administrators
Emergency preparedness exercises serve to check the effectiveness of
measures in the field of contingency planning. On the one hand, the effective
and smooth execution of a contingency plan will be tested in an emergency
preparedness exercise, and on the other hand, previously undiscovered
shortcomings will be detected. Typical exercises are:
- alerting exercise;
- conducting fire drills (c.f. S 6.17 Alert plan and fire drills);
- functional testing of generators;
- restart after failure of a selected IT component; and
- restoring of data backups.
The results of an emergency preparedness exercise must be documented.
Emergency preparedness exercises are to be held at regular intervals. Since
such exercises can have a disruptive effect on normal operations, their
frequency should be geared to the threat scenario; however, the pertinent
exercises should, as a minimum, be held once a year. Staff training activities
(first-aid, fire-fighting, etc.) must be carried out to a necessary extent.
Before an emergency preparedness exercise is held, prior approval must be
obtained from the agency/company management.
Additional controls:
- Are emergency preparedness exercises held at regular intervals?
- Do detected shortcomings give rise to a revision of contingency plans?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000