S 2.5 Data media archives

Logo Datenträgerarchiv

Description

Data media archives serve for keeping all types of data media. Within the framework of IT baseline protection, no additional fire protection requirements are laid down for an archives room. Fire protection can, according to the needs of the IT operator, be ensured by means of the containers housing the data media.

When using central data media archives and data backup archives it is advisable to install protective cabinets (see module S 2.7) to support the fire protection, the protection against unauthorised access, and the implementation of access authorisations.

In general, module S 2.5 Data media archives is also suited for paper, film or other files, even if it is not primarily designed for this application. In this case, some recommendations in the assigned safeguards must be reinterpreted accordingly.

Threat scenario

The following typical threats to the IT-Grundschutz of data media archives are assumed to exist:

Force Majeure

T 1.4 Fire
T 1.5 Water
T 1.7 Inadmissible temperature and humidity
T 1.8 Dust, soiling

Organisational Shortcomings

T 2.1 Lack of, or insufficient, rules
T 2.6 Unauthorised admission to rooms requiring protection

Deliberate Acts

T 5.3 Unauthorised entry into a building
T 5.4 Theft
T 5.5 Vandalism

Method recommendation

To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.

A series of safeguards must be implemented for data media archives, starting in the planning and design phase up to the daily operation phase. The steps to be followed in this case as well as the safeguards to implement in each phase are listed in the following.

Planning and design

The basic structure of data media archives and thus the essential general conditions for their use are defined in the planning and design phase. When equipping a new building there is naturally more freedom. If a data media archive is to be installed in an existing building, the remaining possibilities for structuring the use of a building are in most cases limited, especially in the case of leased buildings.

When selecting a room to accommodate the archive its protection features are largely fixed and subsequent corrections, such as the removal of water pipes, are only possible with considerable effort. Necessary technical installations, such as air conditioning or the use of an alarm system, should therefore be already specified when planning or selecting the data media archive, if possible.

Implementation

Before the data archive is put into operation, organisational regulations must be defined to support the orderly and secure operation.

Operation

During live operation, appropriate checks must be carried out to ensure the specified regulations are actually implemented in practice. Above all, this includes ensuring that only authorised persons have access to the archive and that the archive is locked while no-one is present there.

The bundle of security safeguards relating to data media archives are presented in the following.

Planning and design

S 1.7 (A) Hand-held fire extinguishers
S 1.10 (Z) Safe doors and windows
S 1.18 (Z) Intruder and fire detection devices
S 1.24 (C) Avoidance of water pipes
S 1.27 (B) Air conditioning of the technology / in technology rooms

Implementation

S 2.17 (A) Entry regulations and controls
S 2.21 (A) Ban on smoking

Operation

S 1.15 (A) Closed windows and doors
S 1.23 (A) Locked doors