Principle 18 - Security Operations Policy and Procedures (SyOps)

Detail

Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.

The service provider should have processes and procedures in place to ensure the operational security of the service.

The methods used by the service provider’s administrators to manage the operational service should be designed to mitigate any risk of exploitation that could undermine the security of the service.

[needs work]

Decision Evaluation Criteria:

[needs work]

Basis

• NIST 23 - Develop and exercise contingency or Disaster Recovery (DR) procedures to ensure appropriate availability
• CSSLP - Security Operations Procedures
• CSSLP - Business Continuity
• CSSLP - Disaster Recovery
• GDS CSP 2 - Asset protection and resilience
• GDS CSP 5 - Operational Security
• GDS CSP 12 - Secure Service Administration