This shows you the differences between two versions of the page.
policies:security:develandmaint [2018/01/10 12:21] – [31. System ownership] deul | policies:security:develandmaint [2018/01/10 13:32] (current) – [39. Calamity procedures] deul | ||
---|---|---|---|
Line 6: | Line 6: | ||
For Servers and Desktops the ownership/ | For Servers and Desktops the ownership/ | ||
- | For non-scientific information systems, by definition the Scientific Director ([[policies: | + | For non-scientific information systems, by definition the Scientific Director ([[policies: |
====32. New information systems procedure==== | ====32. New information systems procedure==== | ||
- | New scientific informations systems will all fall in the 'basic risk' category. For information systems that store personel information extra security measures will be taken to adhere to the GPDR requirements. | + | New scientific informations systems will all fall in the 'basic risk' category. For information systems that store personel information extra security measures will be taken to adhere to the GDPR requirements. |
====33. Additional risk analysis==== | ====33. Additional risk analysis==== | ||
There are no scientific systems with elevated risks. So no additional risk analysis measures have to be taken. | There are no scientific systems with elevated risks. So no additional risk analysis measures have to be taken. | ||
- | For information systems storing personel information additional analysis | + | For information systems storing personel information additional analysis |
====34. Operational acceptance asset==== | ====34. Operational acceptance asset==== | ||
Information systems are implemented in close collaboration with the system owner, but no formal, written acceptance is in place. For systems ' | Information systems are implemented in close collaboration with the system owner, but no formal, written acceptance is in place. For systems ' | ||
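Review bot: The changed lines in sections 32 and 33 still read "personel information" on the new side, and section 32 still has "informations systems", even though this revision already corrects "GPDR" to "GDPR" in the same sentence. Suggest fixing both in this edit: "information systems", and "personal information" if data about individuals is meant, as the GDPR reference implies. Section 32 also promises "extra security measures" without naming them or who decides on them; a pointer to where those measures are defined would make the sentence checkable.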
Line 28: | Line 28: | ||
The Security manager as defined by the [[policies: | The Security manager as defined by the [[policies: | ||
====39. Calamity procedures===== | ====39. Calamity procedures===== | ||
- | There is no true calamity procedure and each case is handled ad hoc, with teh following requirements in mind: | + | There is no true calamity procedure, |
* Minimize downtime of critical services | * Minimize downtime of critical services | ||
* Communicate the calamity to all users/ | * Communicate the calamity to all users/ | ||
* Maximize the collaborative effort within the IT Department team | * Maximize the collaborative effort within the IT Department team | ||
* Strive to full resolution of the calamity | * Strive to full resolution of the calamity |
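Review bot: The heading in the context line, "====39. Calamity procedures=====", opens with four equals signs and closes with five, unlike headings 32 to 34 in the same page. Since this revision edits section 39, balance it to "====39. Calamity procedures====" in the same change. The list item "Strive to full resolution of the calamity" would also read better as "Strive for full resolution of the calamity".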