S 6.140 Drawing up a business continuity plan for the failure of groupware systems

Initiation responsibility: Emergency Officer, Head of IT, IT Security Officer

Implementation responsibility: Administrator

In many cases, the partial or complete failure of a groupware system seriously impairs the users' ability to do their work, because all server-based actions can no longer be executed. The business continuity plan must therefore include a concept detailing how the effects of a failure can be minimised and which actions need to be taken if a failure occurs.

The business continuity plan for the groupware system used must be integrated into the existing business continuity plan of the organisation (see also module S 1.3 Business continuity management).

The system configuration of all groupware components must be documented. This includes a description of the hard drive partitions and their intended use (system, transaction log, database, etc.) as well as documentation of the hardware, the operating system of the groupware server and the required groupware services.

Important tasks required to maintain or re-commission the groupware system must be described in such a way that appropriately trained personnel can perform them in an emergency. The necessary level of detail for the documentation is determined by the know-how of the personnel available in an emergency. If, for example, the organisation employs a group of several trained administrators, the corresponding know-how can be assumed in the emergency documentation. If, on the other hand, the organisation employs only a single trained administrator, the emergency documentation should describe important safeguards in such a way that independent third-party experts can also implement them.

Secure and uninterrupted operation of the groupware system requires the groupware server to be available at all times. To mitigate the effects of a server failure, groupware data can be distributed across several servers by partitioning. In this case, the failure of an individual server only affects part of the data. Partitioning requires demand-based planning and implementation. In emergencies, it must be possible to use at least some of the groupware clients or to restore their operability. The corresponding procedure must be documented in the business continuity plan.

A system failure may also result in loss of data on the groupware servers or clients. For this reason, a data backup policy must be drawn up for groupware and should be integrated into the existing data backup policy (see also module S 1.4 Data backup policy). As part of contingency planning, different compromise scenarios should be taken into account, and specific instructions should be provided for the cases in which the servers, individual services, or individual user accounts are compromised.

Regular emergency drills for system recovery are strongly recommended. The emergency drills should take all aspects of a system failure and/or compromise into account. The persons responsible should reinstall individual services in a dedicated test environment (e.g. as would be necessary after a compromise) and practise their restoration. The test system should be as similar as possible to the production system.

In some cases, restoring data or repairing a groupware system requires sensitive access information such as cryptographic keys or passwords. It must be ensured that the business continuity plan specifies a procedure for such cases. In addition, it must be ensured by means of data backups or other safeguards that this information is available in an emergency.

A recovery plan must be drawn up that guarantees that the groupware system can be booted in a controlled manner after a failure.

Review questions: