
1. Overview

PS-06 Protection against Interruptions caused by Power Failures and similar Risks to Supply Facilities

Designation Standard
PS-06.01B Measures to prevent the failure of the technical supply facilities required for the operation of system components with which cloud service customer data is processed and to protect equipment containing cloud service customer data, are documented and set up in accordance with the security requirements of the cloud service provider (cf. PS-01) with respect to the following aspects:

1. Operational redundancy (N+1) in power and cooling supply;
2. Use of appropriately sized uninterruptible power supplies (UPSes) and emergency power supplies (EPSes), designed to ensure that all data remains undamaged in the event of a power failure. The functionality of UPSes and EPSes is checked at least annually by suitable tests and exercises (cf. BCM-04);
3. Maintenance (servicing, inspection, repair) of the utilities in accordance with the manufacturer's recommendations; and
4. Protection of power supply and telecommunications lines against interruption, interference, damage and eavesdropping.


The technical supply facilities covered by these measures include, for example, power supply, cooling, fire-fighting technology, telecommunications and security technology.

Cloud service providers can ensure that all data remains undamaged in the event of a power failure by shutting down servers following a defined procedure.

Power supply and telecommunications lines can be protected against interruption, interference, damage and eavesdropping, for example, by underground supply via different supply routes.
PS-06.02B Uninterruptible Power Supplies (UPSes) and Emergency Power Supplies (EPSes) are implemented to comply with the availability requirements defined in the Service Level Agreement.
PS-06.03B The protection of power supply and telecommunications lines is checked regularly, but at least every two years as well as in case of suspected manipulation, by qualified personnel regarding the following aspects:

1. Traces of violent attempts to open closed distributors;
2. Up-to-dateness of the documentation within the distributor;
3. Conformity of the actual wiring and patching with the documentation;
4. The short-circuits and earthing of unneeded cables and wires are intact; and
5. Impermissible installations and modifications.


The subcriterion requires the check to be performed at least every two years. If no check was performed during the specified period of a Type 2 engagement, the auditor shall note in the test result that there was 'no occurrence' provided that the previous check was performed within the two years required by the criterion. For the evaluation of the design of the control, the auditor may obtain evidence regarding the previous check, even if this check did not occur within the specified period of the engagement. If there was no check performed for two years, the auditor shall note a deviation.
PS-06.01AC The cooling supply system is designed in such a way that the permissible operating and environmental parameters are also ensured on at least five consecutive days with the highest outside temperatures that can reasonably be estimated to occur at the locations of the premises and buildings within the lifespan of the cooling supply system, with an appropriate safety margin.

This subcriterion demands the implementation of concrete measures to fulfil the policy required by PS-01.03AC. The cloud service provider also determines the highest outside temperatures that can reasonably be estimated to occur at the locations of the premises and buildings within the lifespan of the cooling supply system as part of PS-01.03AC.
PS-06.02AC The connection to the telecommunications network is designed with sufficient redundancy so that the failure of a telecommunications network does not impair the security or performance of the cloud service provider.
PS-06.03AC The cloud service provider implements measures to ensure the compatibility of the conditions for installation, maintenance and servicing of the related technical equipment (e.g., electrical power, air conditioning, fire protection) with the cloud service's availability and security requirements.
PS-06.04AC The cloud service provider ensures that maintenance agreements for equipment used for the hosting of the cloud service enable the timely installation of security updates on this equipment.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation