The implementation of an IT contingency plan makes sense and is a must when it comes to security attacks, but also when the IT infrastructure fails for other reasons. Log4j was the last major IT security gap that affected an extremely large number of companies and their IT infrastructures worldwide. It was necessary to close any data gaps as quickly as possible in order to prevent confidential data from leaking out.
The IT -Emergency plan – a must for companies
Many damage events affecting the IT systems of companies occur unexpectedly and suddenly, for example due to technical faults, fire, flooding or staff absences. It is important to react quickly in order to either completely avert or minimize damage to the company. An IT emergency plan comes into play here as a collection of measures to be taken and instructions on who has to do what in which case.
There are different standards depending on the operating mode , which management and IT managers can use as a guide: The BSI standard 100-4 applies to public sector companies and government agencies. It shows a systematic way to set up effective emergency management in public authorities. The aim is to prepare the institutions in such a way that the most important business processes can be resumed quickly in the event of a failure and the existence of the authority is secured.
The BVSW Digital offers courses and training
For private companies, the international standard ISO 22301 for Business Continuity Management (BCM) application. It focuses on a holistic risk assessment and involves the management levels in operational emergency management. The revised version of the ISO 22301 was in October 2019 presented. It must be implemented within three years from that date. Companies still have about six months to get certified according to the new standard.
Process analysis An IT emergency plan should document all IT systems and not just keep an eye on the pure IT infrastructure. Revenue-generating and thus business-critical processes must be prioritized. The IT emergency planning should therefore start with the recording of the company processes and their importance for the business process.
Ensuring availability If the IT is down, the IT emergency plan is used. It is therefore not expedient to store it on a central company server. IT emergency plans in printed form are of no help because they quickly become outdated and it is very difficult to keep them up to date. Instead, the plan should be saved on a notebook that has extensive administrator rights and a charged battery. For safety, this notebook should be kept in a safe.
NachrichtenJetRead MoreSicherheit, „the, company:, emergency, every, for, must, Nachrichten, plan,