 Training and Dissemination web site

Integrated Site Security for Grids

A project co-funded by EU FP6 programme
Recommendation

Document your operating procedures

ID: R12

What: Operating procedures should be documented, maintained and made available to all users who need them.
Why: Documented operating procedures help ensure that tasks involving human intervention are carried out in a consistent, professional manner, and contribute to avoiding errors which may compromise the availability and integrity of information or services.
How:

Documented procedures should be prepared for system activities associated with information processing and communication facilities, such as computer start-up and close-down procedures, backup, equipment maintenance, media handling, computer room and mail handling management, and safety.

The operating procedures should specify the instructions for the detailed execution of each task, including:

  • The processing and handling of information (see R7)
  • Backup (see R18)
  • Scheduling requirements, including interdependencies with other systems, earliest job start and latest job completion times
  • Instructions for handling errors or other exceptional conditions which might arise during job execution, including restrictions on the use of system utilities
  • Support contacts in the event of unexpected operational or technical difficulties
  • Special output and media handling instructions, such as the use of special stationery or the management of confidential output, including procedures for secure disposal of output from failed jobs (see R11)
  • System restart and recovery procedures for use in the event of system failure
  • Management of audit-trail and system log information (see R23).

Operating procedures, and the documented procedures for system activities, should be treated as formal documents and changes authorized by management. Where technically feasible, information systems should be managed consistently, using the same procedures, tools, and utilities.

The following links provide information on operations procedures for different environments:

Relevant recommendations:

R7, R11, R18, R23

Relevant threats:

T1, T16, T25, T26, T27, T30

Relevant ISS audit questions: Q35, Q44, Q59, Q66, Q73, Q78, Q86, Q93, Q100, Q101, Q102
Keywords: Application, Incident, Management, System administrator, User
Recommendation Category:
Technical: - | Administrative: X | Educational: -
Copyright (c) Members of the ISSeG Collaboration 2008
This is version 5.2 of the website.