OPS-19.01B
1. Overview

OPS-19.01B

Policies and procedures with technical and organisational measures are documented, communicated, and provided in accordance with SP-01 to govern the timely identification and management of incidents and crashes in the system components used to provide the cloud service or of parts or the whole cloud service. These policies and procedures include specifications regarding the following aspects:

1. Classification and prioritisation of incidents and crashes;
2. Standardised incident-handling procedures for addressing known issues;
3. Escalation rules and procedures, including criteria for triggering Security Incident Management (SIM) processes in accordance with SIM-02 or internal incident management procedures;
4. Knowledge sources for incidents and crashes;
5. Criteria for determining when crashes are classified as incidents and when they trigger incident management processes;
6. Mechanisms ensuring that access to crash files is restricted to authorised personnel only;
7. Safeguards to prevent exposure of sensitive, personal, or confidential data within crash files;
8. Encryption of crash files for storage and during transmission;
9. Access management, logging, and review processes for access logs of crash files; and
10. Retention periods and secure deletion processes for crash files once no longer needed.

A crash is an incident that leads to a sudden and complete failure of a system or system component. It can be indicative of a larger problem, such as an attempted DDoS attack or an unmitigated vulnerability.

A crash file is the dump of a system's execution state, usually including contents of its storage or registers at the time of the crash (e.g. memory dump).

Criteria for determining when an incident or crash triggers Security Incident Management (SIM) processes can include, but are not limited to, the incident or crash resulting in one or more of the following:

1. Failure to uphold internal security policies, contractual agreements or relevant legal and regulatory requirements;
2. Unauthorised access to cloud service customer data or system components used to provide the cloud service in the production environment;
3. Loss or exfiltration of cloud service customer data;
4. Unauthorised changes to system components used to provide the cloud service in the production environment; and
5. Failure to uphold the availability requirements contained in the service level agreement.
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
3. Related Regulations