S 6.96 Contingency planning for a server

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

The partial or complete failure of a server may have dramatic effects if the server is an integral part of internal workflows or if the server supports a publicly accessible offer (e.g. e-commerce or e-government applications).

When drawing up the contingency plan, it is therefore necessary to draw up a concept detailing how the effects of a failure can be minimised and which action needs to be taken in case of a failure.

The following aspects must be taken into account in this regard:

• The contingency plan for the server must be integrated into the existing contingency plan (see also module S 1.3 Business continuity management).

• Data may also be lost due to the failure of a system. For this reason, a data backup concept must be drawn up for the server within the framework of the general data backup policy (see also S 1.4 Data Backup Policy). This concept must not only take into consideration the server itself, but also the system the server operation depends on.
• Within the framework of maintenance and service agreements or by means of proprietary inventory holding, the supply of spare parts within a period must be ensured. Therefore, the failure duration must be reduced to an acceptable extent. In the event of specific requirements regarding the availability of the server, a high-availability solution must be used, if necessary.

• The system configuration must be documented. Important tasks must be described in such a way that the entire system can be restored in the event of an emergency even without prior knowledge of this system configuration. The documentation should certainly not be present electronically only, but instructions should also exist in paper form. If necessary, configuration files can also be deposited separately on CD-ROM.
• A recovery plan must be drawn up guaranteeing that the system can be booted in a controlled manner.

• All required instructions must be reviewed and tested at regular intervals. In some cases, different approaches must be taken into consideration for different types of operating systems.

Review questions:

• Is there a contingency plan for IT system failure?
• Are there corresponding contingency plans for the IT systems depending on and/or required for server operation?
• Is there a data protection concept for the affected IT system?
• Are malfunction and emergency procedures tested regularly?