System Owner
Offline backup
All critical backup media, documentation and other IT resources needed for IT recovery, and business continuity plans are stored offsite. The content of backup storage is determined after collaboration between...
Datacenter uptime
Data centres used in the processing of information take appropriate measures to guarantee continued uptime.
Backup procedure
For every system a documented backup procedure is available with values for the RPO (Recovery Point Objective, maximum tolerable amount of data that can be lost) and RTO (Recovery Time...
Supplier Security Management
Before engaging in an agreement with a supplier of an IT-service, an information security risk assessment is performed. Contractual agreements regarding information security are made with suppliers of IT-services. Suppliers...
Software Bill-of-Materials
The organisation must know what software is used on managed devices, including a Software “Bill-of-Materials” (BOM) of libraries and components.
Emergency updates
Emergency changes requiring immediate implementation are properly handled to ensure minimal impact on systems and IT applications. The emergency change is registered, evaluated and tested after implementation and approved by...
Patch management
Available patches and/or security fixes are installed in compliance with set and approved policies (including those for operating systems, databases and installed applications) and recommendations of CERT and/or suppliers.
Asset registration
The assets making up a system that are under control of the organisation are registered and tracked in the CMDB. System owners periodically check that the information in the CMDB...