Business Continuity Policy



Similar documents
PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

VICTOR KHANYE LOCAL MUNICIPALITY PLAASLIKE MUNISIPALITEIT. ICT Business Continuity Plan. DRAFT v0.1 Page 1 of 9

PREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

Content Management Playout Encryption Broadcast Internet. Content Management Services

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

Course 2788A: Designing High Availability Database Solutions Using Microsoft SQL Server 2005

Supporting information technology risk management

Disaster Recovery Planning Process

Why Should Companies Take a Closer Look at Business Continuity Planning?

Changing locations every day. Can service be as mobile as a locomotive?

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Company Management System. Business Continuity in SIA

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

Incident Management, Business Continuity and IT Disaster Recovery

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Plan

Business Continuity Planning and Disaster Recovery Planning

White Paper. Managed IT Services as a Business Solution

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

Symantec Residency and Managed Services

Service Catalog. it s Managed Plan Service Catalog

Market Data + Services. Advanced outsourcing solutions. IT Hosting and Managed Services

Transmission and distribution service level agreements

An Agile and Scalable Mobile Workplace

Security Controls What Works. Southside Virginia Community College: Security Awareness

CUSTOMER SATISFACTION IS HOW WE MEASURE QUALITY.

Governance and Management of Information Security

Risk mitigation for business resilience White paper. A comprehensive, best-practices approach to business resilience and risk mitigation.

Disaster Recovery Plan

Security in the smart grid

Information security controls. Briefing for clients on Experian information security controls

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Proposal for Business Continuity Plan and Management Review 6 August 2008

Desktop Scenario Self Assessment Exercise Page 1

Disaster Recovery Plan The Business Imperatives

CTERA Support Policy

AdvancedHosting SM Solutions from SunGard Availability Services

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

At the Heart of Connected Manufacturing

Contents Company overview Partnering with CCE Service offerings Accreditations Service coverage ISO compliance

ISMS Implementation Guide

Proposal for Online Backup

Disaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support

CAS PIA. Description of Services

New ways to a secure IT Management

Customer Support Policy

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

SysAid Cloud Architecture Including Security and Disaster Recovery Plan

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

D2-02_01 Disaster Recovery in the modern EPU

INFORMATION ASSURANCE

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

SysAid IT On-Demand Architecture Including Security and Disaster Recovery Plan

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

CLOUD SERVICES FOR EMS

Vendor Audit Questionnaire

Chapter I: Fundamentals of Business Continuity Management

MS Design, Optimize and Maintain Database for Microsoft SQL Server 2008

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities

Contingency Planning Guide

CenturyLink Disaster Recovery Service. G-Cloud V Lot 4 (Specialist Cloud Services)

Configuration Management in the Data Center

MECOMS Customer Care & Billing As A Service

Il nuovo standard ISO sulla Business Continuity Scenari ed opportunità

What you need to know about cloud backup: your guide to cost, security and flexibility.

SAP Managed Services SAP MANAGED SERVICES. Maximizing Performance and Value, Minimizing Risk and Cost

Intel Business Continuity Practices

Symantec and VMware: Virtualizing Business Critical Applications with Confidence WHITE PAPER

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant.

Operations and Network Center (CORE)

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Cyber Security. Global solutions for energy automation. Benefit from certified products, system solutions.

Cost of Poor Quality:

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

PBSi Business Continuity Planning

Flinders University IT Disaster Recovery Framework

IBM Information Technology Services Global sourcing.

MHA Consulting. Business Continuity Management 101

Transcription:

Business Continuity Policy Software, consultancy and services for global trade and supply chain management

Business Continuity Policy Companies using AEB solutions for managing and monitoring their logistics and global trade processes can rely on quality, operation and data security as well as on the failure resistance of the offered IT services. AEB employees not only do their utmost to guarantee smooth processing of our services, but also provide for the risks of emergency cases: Where can disruptions occur and how can protection concepts be optimized? Which precautions and measures must be taken to immediately restore system availability in case of a highly improbable partial or complete system failure? The AEB Business Continuity Policy describes the specifications and the scope for implementing continuous operation at the top level. Internally, additional documents such as the Emergency Planning Concept and the Emergency Manual support the implementation of an effective Business Continuity Management. you can trust that the overview is maintained and AEB services will be available again quickly and professionally. To ensure business continuity and maintain a high service level, we ve taken technical and organizational measures (as outlined in Section 9 BDSG) that are expressed in our Security Concept. Remarks: AEB has developed this policy based on the Federal Office for Information Security (BSI) s standard component (100-4) on emergency management and the ISO standards ISO 22301 and ISO 22313. Some internal details regarding the organizational and operational organization, corporate processes or technical details cannot be published due to security reasons. Therefore, this documents provides a structural overview of the respective areas at AEB. The Emergency Guide transparently regulates processes and responsibilities also for emergencies and disaster recovery. This means that also in the worst case scenario, 2

1. Scope Our emergency management, which is referred to as Business Continuity Management (BCM) in the following, applies to our whole company. A key focus lies on the maintenance of the offered IT services for our customers. 2. Who is involved in Business Continuity Management? A high level of integration of the employees involved in the processes in IT infrastructure and services including data center operation is important to us. Therefore, no separate organizational structure resulted from the BCM concept. At AEB, dealing with BCM as a part of risk management is a self-evident obligation for corporate management. Therefore, we see Business Continuity Management (BCM) as being closely interlinked with our ISO 27001-certified information security management system (ISMS). There, BCM is defined as a separate regulatory area. The following key roles operate our Business Continuity Management: Emergency Officer IT Security Manager SLA Management Units of Operations and IT Infrastructure Services Management with Support AEB several years ago. Organizational aspects on topics such as crisis team, competences and crisis communication have already been regulated there. 3. How is Business Continuity Management organized? According to the BSI requirements (BSI standard 100-4), our emergency concept consists of the following two parts: An Emergency Planning Concept It contains all tools that allow us to correctly classify and evaluate our processes according to their relevance to be able to take appropriate emergency measures. The emergency planning concept deals with both prevention (reduction of the probability of occurrence or reduction of potential damages) and emergency response. The emergency planning concept also provides for regular drills. An Emergency Manual It contains specific instructions categorized by service to handle emergencies in an orderly manner. In the case of a crisis, the well-established organization for emergency processes can be applied, which has been introduced at 3

4. Basic principles of BCM In the case of an emergency, saving life and limb is first and foremost. Restoring the business processes of our customers is our utmost concern. The recovery process must be carried out immediately and according to the defined priorities and rules. Our customers applications have priority. If normal operation cannot be resumed directly, emergency operation must be set up at least. AEB has visualized all internal structures in a model, also considering the offered services. The AEB application model outlines all the services needed to use, operate and develop an application. In the considerations and measures concerning the Business Continuity Policy, the recommendations of the German Federal Office for Information Security are taken into account and transferred to the needs of AEB and AEB s customers. AEB matches the methods used for risk analysis and error detection with the recommendations. Therefore, the company s actions are constantly reviewed. To complete AEB s comprehensive security concept, processes are permanently adjusted, expanded and developed further. For effective prevention and continuous improvements, regular emergency drills must be carried out. Their results are included in the emergency management to secure quality. The same applies to insights from real emergencies. Every segment of the AEB application model is subject to multiple security specifications that are implemented as services by AEB or contractual parties after thorough analyses and appropriate preliminary studies. Vigilance, robustness and thinking in what-if scenarios are important rules. IT infrastructure Database management Business process support Basic application services Application management Application operation Application support 4

The following table merely gives an overview of the applied measures. In every area, more detailed instructions, documentation, and tools are available for the employees. Application-related areas Business processes In the case of a crisis, we involve our customers to help them keep the negative impacts of the disturbance at a minimum. With an eye on their business process, restoring operations is more urgent than analyzing the cause. This includes offering workarounds in the closest possible collaboration. We believe that making provisions for such workarounds is our task. Internally and in workshops with our customers, we discuss and develop solutions based on what-if scenarios as additional prevention measures. Application management With the help of the automated system management and the evaluation of system reports and log files, vulnerabilities can be located before disruptions occur. Application operation and support Errors which occur in a customer system are systematically scheduled and can be examined, detected, and removed via remote system maintenance if necessary. Through a proactive (24/7) monitoring of all servers and lines, AEB s Support team is enabled to immediately inform customers about disturbances of AEB services and to initiate further measures. There is not only a continuous internal exchange within the Support team, but there is also direct contact to the AEB IT specialists of the different areas. This ensures optimal support of AEB customers as well as their active and transparent notification in case of a disruption. Basic application services All critical system components have redundant architecture. Due to virtualization technologies and application clusters, it is possible to immediately restore the availability of the systems. AEB uses proven state-of-the-art technology. All important data is stored multiple times on a Storage Area Network (SAN cross-media storage). If requested and required by the customer, AEB offers different service models tailored to ensure response times, service hours or different priorities of specific services. Subsequent extensions of services or of the available processing power can be made at any time on request. Bottlenecks can thus be recognized and avoided. 5

Database management For the AEB database services, there are specifically trained database administrators available. Besides that, we have service agreements with external database specialists in place who are able to maintain and restore the systems and data around the clock depending on the customer s specific needs. A multi-level data backup is made several times a day. Backup copies are regularly placed in separate fire containment sections. Hardware and IT infrastructure The IT infrastructure layer is provided by an external data center operator who provides the following services to AEB: general power supply and UPS fire protection air condition access control The data center is monitored 24 hours a day via a remote connection. The redundant Internet connection ensures the high availability of the AEB services. The connection to the computer center of the German Federal Ministry of Finance for the processing of electronic customs procedures is ensured via a main and backup line. The hardware used meets the latest technical requirements and is maintained by our hardware suppliers as defined in customer service agreements. Emergency drills based on procedural instructions and processes that are constantly optimized are performed during system maintenance taking place at regular intervals. This helps us ensure that possibly occurring disruptions can be fixed quickly and in an experienced manner. AEB attaches particular importance to training and continuous education. AEB employees in the IT and service area are specialists who are trained continuously so that that they can fall back on comprehensive know-how. 6

Contact If you have any questions on the AEB Business Continuity Policy, please contact: AEB Gesellschaft zur Entwicklung von Branchen-Software mbh Julius-Hölder-Straße 39 70597 Stuttgart, Germany Phone +49-711-72842-300 Fax +49-711-72842-333 E-mail: info@aeb.de Managing Directors: Matthias Kiess, Markus Meissner Responsible in accordance with Section 55 RStV: Matthias Kiess, Markus Meissner The information contained in this document is the property of AEB GmbH and may not be copied or given to a third party without consent. AEB assures that, as far as possible, the information contained in this document is correct, but does not guarantee its completeness because of the constant development of information security. Please make sure you use the current version. This document serves as a guideline for AEB GmbH and states the relevance of BCM for AEB GmbH. Copyright AEB Gesellschaft zur Entwicklung von Branchen-Software mbh All rights reserved. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information