Business Continuity Testing
Business continuity and security incident response plans shall be subject to testing at planned intervals or upon significant
organizational or environmental changes. Incident response plans shall involve impacted customers (tenant) and other
business relationships that represent critical intra-supply chain business process dependencies.
Datacenter Utilities / Environmental Conditions
Datacenter utilities services and environmental conditions (e.g., water, power, temperature and humidity controls,
telecommunications, and internet connectivity) shall be secured, monitored, maintained, and tested for continual
effectiveness at planned intervals to ensure protection from unauthorized interception or damage, and designed with
automated fail-over or other redundancies in the event of planned or unplanned disruptions.
Information system documentation (e.g., administrator and user guides, and architecture diagrams) shall be made available
to authorized personnel to ensure the following:
• Configuring, installing, and operating the information system
• Effectively using the system's security features
Physical protection against damage from natural causes and disasters, as well as deliberate attacks, including fire, flood,
atmospheric electrical discharge, solar induced geomagnetic storm, wind, earthquake, tsunami, explosion, nuclear accident,
volcanic activity, biological hazard, civil unrest, mudslide, tectonic activity, and other forms of natural or man-made disaster
shall be anticipated, designed, and have countermeasures applied.
To reduce the risks from environmental threats, hazards, and opportunities for unauthorized access, equipment shall be
kept away from locations subject to high probability environmental risks and supplemented by redundant equipment
located at a reasonable distance.