DR aligned with SM, taken from Rasika's proposal

git-svn-id: http://svn.cacert.org/CAcert/Policies@1190 14b1bab8-4ef6-0310-b690-991c95c89dfd
pull/1/head
Ian Grigg 15 years ago
parent d43733e796
commit ab27240777

@ -510,9 +510,9 @@ by team or board.
<h3> <a name="4.1">4.1.</a> System administration </h3>
<p>
Primary systems administration tasks shall be conducted under four eyes principle.
These shall include
backup performance verification,
Primary systems administration tasks
shall be conducted under four eyes principle.
These shall include backup performance verification,
log inspection,
software patch identification and application,
account creation and deletion,
@ -520,12 +520,15 @@ and hardware maintenance.
</p>
<p>
System administrators must pass a background check and comply with all applicable policies in force.
System administrators must pass a background check
and comply with all applicable policies in force.
</p>
<h4> <a name="4.1.1">4.1.1.</a> Privileged accounts and passwords </h4>
<p>
Access to Accounts (root and user via SSH or console) must be strictly controlled.
Access to Accounts
(root and user via SSH or console)
must be strictly controlled.
Passwords and passphrases entered into the systems will be kept private
to CAcert sysadmins in all cases.
</p>
@ -539,7 +542,7 @@ shall be authorized to access accounts.
<p class="q">Assumes above that there is no reason to have access
to a Unix-level account on the critical machines unless on the Access List.</p>
<h5> <a name="4.1.1.2">4.1.1.2.</a> Access to </h5>
<h5> <a name="4.1.1.2">4.1.1.2.</a> Access to Systems</h5>
<p>
All remote communications for systems administration purposes is encrypted,
logged and monitored.
@ -745,6 +748,38 @@ secret, nor the manner in which it is kept confidential.
</p>
<h2><a name="6">6.</a> DISASTER RECOVERY</h2>
<p>
Disaster Recovery is the responsibility of the Board of CAcert Inc.
</p>
<h3> <a name="6.1"> 6.1. </a> Business Processes </h3>
<p>
Board must develop and maintain documentation on Business Processes.
From this list, Core Processes for business continuity / disaster recovery
purposes must be identified.
</p>
<h3> <a name="6.2"> 6.2. </a> Recovery Times </h3>
<p>
Board should identify standard process times for all processes,
and must designate Maximum Acceptable Outages
and Recovery Time Objectives for the Core Processes.
</p>
<h3> <a name="6.3"> 6.3. </a> Plan </h3>
<p>
Board must have a basic plan to recover.
</p>
<h3> <a name="6.4"> 6.4. </a> Key Persons List </h3>
<p>
Board must maintain a key persons List with all the
contact information needed.
</p>
<h2><a name="7">7.</a> SOFTWARE DEVELOPMENT</h2>
<h2><a name="8">8.</a> SUPPORT</h2>

Loading…
Cancel
Save