S 6.145 Contingency planning for PBX systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, Head of IT

Malfunctions ranging from sporadic errors in components to failures limited to a single device may occur in every IT operation. The basis of secure IT operations is preparation for malfunctions. This includes failures or impairments of hardware and software caused by faults, by compromise, or by improper operation on the part of users.

In order to be able to react quickly and effectively in such situations, diagnostics and troubleshooting must be planned and prepared in advance. Furthermore, it makes sense to appoint persons in charge and contact persons. Immediate measures and supporting instructions should be created for typical damage situations and for ones that have occurred before. A typical immediate measure of this kind may consist of providing a separate PSTN connection with a directly connected telephone in order to be able to make emergency calls. Alternatively or additionally, mobile telephones may be provided as backup.

With the help of the so-called emergency circuit, a safeguard to be implemented in advance, the existing incoming and outgoing telephone lines may be assigned to previously defined connections. This guarantees that important facilities remain capable of acting in the event of an emergency.

For certain elements of the PBX systems it may make sense to define and provide replacement devices in order to be able to bridge an unpredictably long waiting time for equivalent replacement hardware. The replacement devices may immediately restore functionality once any necessary configuration has been set. For this, the PBX system's configuration data (see S 6.26 Regular backup of PBX configuration data) must have been backed up.

Compared to the normal operating condition, such an alternative solution is often characterised by disadvantages regarding its performance or redundancy. A typical example of such an alternative solution is a test system (with less powerful resources). What all alternative solutions often have in common is that they do not achieve the normal operating condition but only bridge it for a certain period of time. Therefore, a business continuity plan for the PBX system must define which alternative solutions are to be used and which steps are required in order to commission these solutions. Defining the appropriate restart sequence of the PBX system's components helps select the components and basic functions which absolutely must be bridged. The more basic the functionality of a subsystem for working with the PBX system, the earlier that subsystem should be restored or at least be replaced by a functionally equivalent alternative solution.

Practice has shown that overall IT solutions are often too complex to go through all potential failure scenarios in preparation and to define appropriate restart specifications. Therefore, case-by-case definition using priority classes is recommended. For all IT systems, priority classes that can be derived from the following criteria are defined first:

All definitions resulting in the specification of the restart sequence must be documented in advance within the framework of contingency planning (for example in the business continuity handbook of the IT department). The representation of the links and dependencies, which are different in each organisation, is critical to the evaluation of malfunctions and to quick and secure intervention, especially for complex systems.

Unless all relevant specifications for emergency management regarding the PBX system can be found in a higher-level business continuity handbook, these should be documented in a business continuity plan. This plan lists all immediate measures, alternative solutions and forms of emergency operations that have been prepared and defined in advance, together with the related initiation steps, as well as typical steps along the way to restoring normal operations. It also includes required contact information for emergencies, definitions regarding the responsibilities for initiating/performing safeguards, and specific reporting obligations in emergencies.

Confident mastery of the required business continuity safeguards is very important. Accordingly, typical safeguards must be practised regularly. Unless they are performed as part of regular activities during day-to-day operations, emergency drills must be used.

Review questions: