Content library
TiHL: Suositus tietoturvan vähimmäisvaatimuksista
2.7: Varautuminen häiriötilanteisiin

How to fill the requirement

TiHL: Suositus tietoturvan vähimmäisvaatimuksista

2.7: Varautuminen häiriötilanteisiin

Task name
Priority
Status
Theme
Policy
Other requirements
Creating and documenting continuity plans
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
34
requirements

Task is fulfilling also these other security requirements

T05: Jatkuvuuden hallinta
Katakri
17.1.2: Implementing information security continuity
ISO27 Full
​​​​​​​ID.SC-5: Response and recovery
NIST
PR.IP-9: Response and recovery plans
NIST
RC.RP-1: Recovery plan
NIST
1. Task description

Sometimes an unexpected event, such as a fire, flood, or equipment failure, can cause downtime. In order to be able to continue operations as quickly and smoothly as possible, continuity planning is carried out, i.e. planning the operations in advance for these exceptional situations.

Each continuity plan shall contain at least the following information:

  • Event for which the plan has been made
  • Goal for recovery time
  • Responsible persons and related stakeholders and contact information
  • Planned immediate actions
  • Planned recovery steps
Preparation of contingency plans based on risk assessments
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
2
requirements

Task is fulfilling also these other security requirements

13 a §: Häiriötilanteista tiedottaminen ja varautuminen häiriötilanteisiin
TiHL
2.7: Varautuminen häiriötilanteisiin
TiHL: Tietoturva
1. Task description

Tiedonhallintayksikön on suoritettava olennaiset riskiarvioinnit sen tietoaineistojen käsittelyn, tietojärjestelmien hyödyntämisen ja toiminnan jatkuvuuden suhteen. Riskiarvioinnin perusteella tiedonhallintayksikön on:

a) Laadittava valmiussuunnitelmat ja etukäteisvalmistelut häiriötilanteiden varalle.

b) Suoritettava muut tarvittavat toimenpiteet, jotta tietoaineistojen käsittely, tietojärjestelmien hyödyntäminen ja niihin perustuva toiminta voivat jatkua mahdollisimman häiriöttömästi normaaliolojen häiriötilanteissa sekä valmiuslaissa (1552/2011) tarkoitetuissa poikkeusoloissa.

Continuity of critical tasks in exceptional situations
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
4
requirements

Task is fulfilling also these other security requirements

VAR-05: Henkilöstön saatavuus ja varajärjestelyt
Julkri
Article 11: Response and recovery
DORA
2.7: Varautuminen häiriötilanteisiin
TiHL: Tietoturva
1.6.3: Crisis preparedness
TISAX
1. Task description

The organisation has identified the tasks that are critical for the continuity of its operations. Alternative courses of action for specific exceptional situations and staff availability and contingency arrangements have been planned and prepared for the continuation of critical tasks.

To implement the continuation plans, the plan owners, their alternates and other persons required to implement the plan have been identified. In addition, their ability to carry out their tasks under normal circumstances has been ensured.

Developing an incident response plan for critical information systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
14
requirements

Task is fulfilling also these other security requirements

RS.RP: Response Planning
NIST
RS.RP-1: Incident response plan
NIST
HAL-17: Tietojärjestelmien toiminnallinen käytettävyys ja vikasietoisuus
Julkri
VAR-09: Tietojärjestelmien toipumissuunnitelmat
Julkri
CC7.4: Responding to identified security incidents
SOC 2
1. Task description

The organization shall establish a incident response plan for security incidents to critical information systems. Response plans should also be tested by the necessary organizational elements. The plan should take into account at least:

  • The purpose of the information system and the precautions to be taken in the event of its disruption
  • Recovery plans, targets, and priorities for the order of recovery of assets
  • The role of implementing the response plans and the contact details of the persons assigned to the roles
  •  Continuation of normal operations regardless of the state of the information systems.
  • Distribution, approval and review of response plans

In addition, the plan should at least:

  • Establish a roadmap for developing disruption management capacity
  • Describe the structure and organization of incident management capability
  • Provides metrics to measure incident management capability
Testing and reviewing continuity plans related to cyber security breaches
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
9
requirements

Task is fulfilling also these other security requirements

PR.IP-10: Response and recovery plan tests
NIST
RS.IM-2: Response strategies update
NIST
RC.IM-2: Recovery strategies
NIST
Article 11: Response and recovery
DORA
2.7: Varautuminen häiriötilanteisiin
TiHL: Tietoturva
1. Task description

The organization must test and update its response to the security breach at scheduled intervals or after significant changes. For critical parts of the organization, operational plans should be tested at least annually. Test results should be documented and communicated to improve the plan.

Considering cyber security breaches in continuity planning
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
10
requirements

Task is fulfilling also these other security requirements

PR.IP-9: Response and recovery plans
NIST
RS.MI-2: Incident mitigation
NIST
RC.RP-1: Recovery plan
NIST
RC.RP: Recovery Planning
NIST
2.7: Varautuminen häiriötilanteisiin
TiHL: Tietoturva
1. Task description

The organization must document in advance procedures for responding to security breaches to ensure the actions of related departments, customers, and other critical partners in the event of a security breach.

Incident management resourcing and monitoring
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Cyber security management
11
requirements

Task is fulfilling also these other security requirements

24. Responsibility of the controller
GDPR
7.2.1: Management responsibilities
ISO27 Full
16.1.1: Responsibilities and procedures
ISO27 Full
5.24: Information security incident management planning and preparation
ISO27k1 Full
Article 17: ICT-related incident management process
DORA
1. Task description

Management shall define responsibilities and establish procedures to ensure an effective and consistent response to security incidents.

Management must ensure e.g.:

  • interference management has clear responsibilities
  • there is a documented process for responding, handling and reporting incidents

The process must ensure e.g.:

  • staff have a clear contact point / tool and instructions for reporting incidents
  • the reported security breaches will be addressed by qualified personnel in a sufficiently comprehensive manner
No items found.