This is a site designed to make it easier to take the core of large published reports and allow anyone to comment on them.


10.7.5 A configuration management plan and processes covering the communications and information systems providing the service must be designed and implemented. Operational and security configuration must be checked for compliance with documentation, supplemented by a penetration test in accordance with commercial best practice. Configuration changes must be approved by the service manager before implementation and must be subject to secure audit (technical or procedural). Software must only be introduced with the approval of the service manager and a ful inventory of al hardware and software and a network diagram showing al approved connections must be maintained. 10.7.6 Failure impact analysis must be carried out and recorded for al information and communications components. This must be reviewed in the event of significant configuration changes. No upgrades wil be permitted without prior offline testing and assessment. 10.7.7 A commercial best practice self-test process must be in place. 130 For example, use of multi-tier, high redundancy architectures (eg redundant processor configurations, mirrored disks, RAID arrays etc) and geographical distribution. e-Government framework for Information Assurance Draft 5.1 Page 91 10.7.8 A business continuity plan must be in place and subject to regular rehearsal and review. The plan must address: management roles and responsibilities for business continuity; recovery procedures and audit trail; security specific recovery actions.

Email this to a friend.
Previous itemNext item.


(You must give a valid email address, but it will not be displayed to the public.)

We only allow the following html tags em strong blockquote p br. After posting, there may be a short delay before your comment appears on the site