Policy 7230A - Department of Administration
6.3.2.5 Verify Effectiveness of Remediations
Once remediations have been implemented to production systems,
system functionality must be monitored to ensure that the
remediation has had the intended effect and that no unintended
effects have occurred:
• Monitor the target system to ensure that the remediation is
working as intended and is having no negative impact.
• Monitor downstream systems of the target system to ensure
that the remediation is having no negative impact.
• Monitor upstream systems of the target system to ensure that
the remediation is having no negative impact.
6.3.3. Securely Maintain Systems
System maintenance is necessary for the integrity of ongoing operations.
Agencies should perform this work in as secure a manner as possible:
6.3.3.1 Prepare for Maintenance Activities
Prepare appropriately for system maintenance to ensure that work is
carried out in a manner that does not contravene security:
• Prior to performing any system maintenance, follow
appropriate Notification of Work standards (see section 6.3.1
of these Non-Mandatory Procedures).
• Prior to performing any system maintenance, follow
appropriate Change Control standards (see section 5.1.3 of
these Non-Mandatory Procedures).
• Prior to performing any system maintenance, review and
approve the maintenance tools to be used.
6.3.3.2 Conduct Maintenance in a Secure Manner
System maintenance is essential so that systems continue to operate
as intended but must be conducted in a manner that neither
contravenes security while being performed nor degrades security
once complete:
• Only pre-authorized personnel will be allowed to conduct
system maintenance.
• Maintenance personnel will be authenticated prior to the start
of work efforts and will be accompanied at all times.
• Where remote maintenance is allowed, additional security
measures will be utilized.
• A maintenance log will be completed for all maintenance
work:
• Upon completion of all maintenance work, the system will be
reviewed to determine whether the maintenance took place
as described and to ensure security has not been
compromised.