4.2 Backup management
4.2.1. The relevant entities shall maintain backup copies of information and provide sufficient available resources, including facilities, network and information systems and staff.
4.2.2. Based on the results of the risk assessment and the business continuity plan, the relevant entities shall lay down backup plans which include the following:
(a) recovery times;
(b) assurance that backup copies are complete and accurate, including configuration data and information stored in cloud computing service environment;
(c) storing backup copies (online or offline) in a safe location or locations, which are not in the same network as the system, and are at sufficient distance to escape any damage from a disaster at the main site;
(d) appropriate physical and logical access controls to backup copies, in accordance with the information classification level;
(e) restoring information from backup copies, including approval processes;
(f) retention periods based on business and regulatory requirements.
4.2.3. The relevant entities shall perform regular integrity checks on the backup copies.
4.2.4. The relevant entities shall ensure sufficient availability of resources by at least partial redundancy of the following:
(a) network and information systems;
(b) assets, including facilities, equipment and supplies;
(c) personnel with the necessary responsibility, authority and competence;
(d) appropriate communication channels.
4.2.5. The relevant entities shall ensure that monitoring and adjustment of resources, including facilities, systems and personnel, is duly informed by backup and redundancy requirements.
4.2.6. The relevant entities shall carry out regular testing of the recovery of backup copies and redundancies to ensure that, in recovery conditions, they can be relied upon and cover the copies, processes and knowledge to perform an effective recovery. The relevant entities shall document the results of the tests and, where needed, take corrective action.
Navigieren Sie sicher durch die NIS2-Richtlinie!
Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!