S 6.57 Creation of an emergency plan for the failure of the management system

Initiation responsibility: Head of IT, Information Security Management

Implementation responsibility: Administrator

Even management systems can fail for various reasons, for example, as a result of a computer crash caused by software or hardware errors, power failure or sabotage. As management systems are primarily used in relatively large systems, there should be both a contingency concept as described in module S 1.3 Business continuity management and a data backup policy (see module S 1.4 Data backup policy) in place for these systems.

The scope of such a contingency concept must then also include the specification and documentation of regulations for the failure of the management system. In particular, regulations covering the rules of behaviour in the event of failure of the different management system components (manager, management server, management console) must be made.

In addition, it is absolutely necessary to draw up a recovery plan for the management system as a whole or its individual components. Ideally, the management system should restart automatically. As part of the data backup, backup copies of the management system software should be available in case all data is lost (disk crash). The storage location must be noted in the business continuity handbook. Furthermore, the details required to gain access to the storage location must also be noted in the handbook, for example the names and telephone numbers of the employees who know the necessary safe combinations or passwords (see also S 2.22 Escrow of passwords).

Review questions:

• Are regulations defined for the failure of the management system as part of a contingency concept?
• Is a recovery plan for the management system and its individual components available?