Policy 7230A - Department of Administration
6.3. Maintenance Operations
The following are the Non-Mandatory Procedures that support the Maintenance
Operations section of the Default Security Requirements:
6.3.1. Plan for, and Provide Notification of, Security Operations
Agencies should ensure appropriate entities within the agency are notified
prior to the initiation of scheduled security operations (Risk, Vulnerability and
Security Assessments, System Audits, Contingency and Incident Response Plan
Tests and solution implementations):
6.3.1.1 Identify Affected Systems
Collect and document the information that defines the system.
6.3.1.2 Issue Notification and Solicit Response
Preliminary notification allows stakeholders the opportunity to
influence work and scheduling before too much time is spent
developing codified plans:
• Identify appropriate stakeholders.
• Provide preliminary notification to stakeholders.
• Solicit response to preliminary notification.
• Adjust preliminary specifications accordingly.
6.3.1.3 Issue Implementation Plans and Solicit Response
All stakeholders must review implementation plans to ensure that the
work does not inadvertently impact other operations and must
provide sign-off to indicate their acceptance of the work and any
intended impact:
• Identify appropriate stakeholders.
• Provide a detailed implementation plan to stakeholders:
• Solicit response to implementation plan.
• Adjust implementation plan accordingly.
6.3.1.4 Provide Update Notifications Throughout Operations
As work operations progress, stakeholders are to be provided status
notifications according to an agreed-upon schedule:
• Establish a notification schedule:
• Follow the notification schedule as laid out during work. If
work does not go as planned, ad hoc notification may be
adopted.