S 2.350 Withdrawal from operation of SAP systems
Initiation responsibility: Head of IT, Information Security Management
Implementation responsibility: Administrator
If a decision is made to take an SAP system out of operation, for example because it will be replaced by a newer system version on new hardware, the points described below must be taken into account. The safeguards are intended to prevent an attacker from misusing the identity of the SAP system that is no longer in use. The process for taking a system out of operation must ensure that the identity of the SAP system is deleted and made unusable.
Deletion/disposal of the storage media
The storage media of all affected computers must be securely deleted before they are reused (see S 2.167 Selecting suitable methods for deleting or destroying data). If disposing of the hardware is planned, it must be disposed of in a secure manner (see S 2.13 Correct disposal of resources requiring protection).
Removing systems from the SAP network
In general, an SAP system is part of an SAP network. Other systems therefore contain references to the system to be taken out of operation.
All references in other SAP systems or components to the system to be taken out of operation must be deleted. These include, amongst other things:
- identities (i.e. technical users) used by the system to be taken out of operation for access purposes,
- trust relationships,
- destinations,
- transport system configurations,
- central user administration configurations,
- system monitoring configurations.
It must be noted that there may also be references in systems belonging to external partners. The process for taking systems out of operation must therefore ensure that the corresponding processes are also triggered by the external partners affected.
Deleting the system from the general network
All references at the network and operating system level must be deleted. These include, amongst other things:
- DNS entries,
- firewall rules,
- SAPgui/SAPlogon configurations (system lists),
- entries in the "hosts" and "services" files.
It is recommended to maintain the list of systems available for SAPlogon, which is stored in the saplogon.ini file, in a central administration system and to distribute the file containing the list to the clients.
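The following added example (not part of the original safeguard) shows one way to check the "hosts", "services" and saplogon.ini files for references left behind after a system has been withdrawn. The SID PRD, the host names, the addresses and all file contents are constructed; the check assumes the message server entry in "services" is named sapms<SID> and that saplogon.ini holds one ItemN key per system entry in each section.

```python
import configparser
import re

# Constructed sample data: PRD on host sapprd01 is the retired system.
HOSTS = """127.0.0.1 localhost
10.0.5.21 sapprd01.example.internal sapprd01
10.0.5.22 sapqas01.example.internal sapqas01
# 10.0.5.23 sapprd01  (old entry, already commented out)
"""
SERVICES = "sapdp00 3200/tcp\nsapmsPRD 3600/tcp\nsapmsQAS 3601/tcp\n"
SAPLOGON = """[Description]
Item1=PRD - Production
Item2=QAS - Quality
[Server]
Item1=sapprd01.example.internal
Item2=sapqas01.example.internal
[MSSysName]
Item1=PRD
Item2=QAS
"""

def stale_hosts(text, names):
    """Line numbers of hosts entries that still name a retired host."""
    names = {n.lower() for n in names}
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].lower().split()  # strip comment
        if names & set(fields[1:]):  # fields[0] is the IP address
            hits.append(no)
    return hits

def stale_services(text, sid):
    """Line numbers of the SID-specific message server entry sapms<SID>."""
    pat = re.compile(r"\s*sapms%s\s+\d+/" % re.escape(sid), re.I)
    return [no for no, raw in enumerate(text.splitlines(), 1) if pat.match(raw)]

def stale_saplogon(text, sid, names):
    """ItemN keys (one per system entry) that mention the SID or a host."""
    needles = {sid.lower()} | {n.lower() for n in names}
    ini = configparser.ConfigParser(interpolation=None, strict=False,
                                    allow_no_value=True)
    ini.optionxform = str  # keep key case: Item1, not item1
    ini.read_string(text)
    stale = set()
    for section in ini.sections():
        for key, value in ini.items(section):
            tokens = set(re.findall(r"[\w.-]+", (value or "").lower()))
            if key.startswith("Item") and tokens & needles:
                stale.add(key)
    return sorted(stale)
```

An empty result from all three functions for the retired SID and its host names indicates that no references remain in these files; DNS entries and firewall rules have to be checked separately.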
Review questions:
- Are the storage media of all affected computers of SAP systems deleted securely before being reused or withdrawn from operation?
- Are all references to the system withdrawn from operation in other SAP systems or components deleted when withdrawing SAP systems from operation?
- Are all references at a network and operating system level also deleted when withdrawing SAP systems from operation?