
CCNet
Mar 21, 2025

NIS2 emergency measures and alternative operating procedures for severe disruptions
In the event of a cyberattack or other significant disruptions, a quick and effective response is crucial to secure and rapidly restore business operations. The following emergency measures and alternative operating procedures ensure that critical business processes can be continued or restored.
Emergency Measures
Isolation of Affected Systems
Once an incident is detected, all affected IT systems are disconnected from the network to prevent the spread of malware or unauthorized access. This involves deactivating the network connections of compromised systems and locking potentially compromised user accounts. An isolated network area is set up to further analyze the incident. The IT Security Officer is responsible for this.
Activation of the Incident Response Team (IRT)
The Incident Response Team is immediately notified to coordinate all response measures. This includes alerting all IRT members and holding an emergency meeting. Activation and coordination are carried out by the IT Security Officer.
Securing of Evidence
To identify the cause of the incident and prepare for forensic analysis, all relevant data and logs are secured. This includes copies of logs, network data, and affected files. Any anomalies and signs of possible attacker activities are documented. The IT Security Officer is responsible for this.
Communication
Clear and transparent communication is essential. The Communications Officer ensures that both management and affected departments receive regular updates. If external parties such as customers, suppliers, or authorities are affected, coordinated communication is initiated.
Data Recovery
To quickly resume operations, affected data is restored from backups. The IT team ensures that backup systems are activated and the integrity of the data is verified after restoration.
Alternative Operating Procedures
Manual Processes
If IT systems fail, manual processes are activated for essential business functions such as order processing, invoicing, and procurement. Paper forms and physical documents are used to maintain operations as much as possible.
Use of Backup Servers
To continue critical processes such as production, accounting, and customer service, backup servers and infrastructures independent of the main network are activated. Switching to synchronized backup data centers and alternative communication channels ensures continuity.
Engagement of External Service Providers
If internal systems are unavailable, certain critical business processes are outsourced to external service providers. This may include temporary takeover of IT support, supplier management, or customer service.
Alternative Site Operation
If the main site becomes unusable, an alternative location is used to continue operations. Employees and resources are relocated, and cloud services as well as remote workplaces ensure continuity.
Prioritization of Business Processes
For efficiency, business processes are prioritized according to their criticality. The focus is on restoring the most affected and business-critical processes, such as production and customer service, while allocating resources accordingly.
Testing and Training
Annual Tests
Annual tests of emergency measures and alternative operating procedures are conducted to ensure their effectiveness. These tests include simulated emergency scenarios that require activation of the Business Continuity Plan (BCP). The Business Continuity Manager analyzes the test results and adjusts the measures accordingly.
Employee Training
Regular training ensures that all employees know their role in an emergency and can act effectively. Training sessions cover specific scenarios, and key personnel are trained in handling manual processes and alternative procedures.
Documentation and Continuous Improvement
All emergency measures, alternative operating procedures, and test results are thoroughly documented and archived in a central system. The Business Continuity Manager regularly reviews the BCP and implements improvements based on new insights and threat analyses to ensure the best possible security and continuity of the company.
Conclusion
Clear structuring and regular review of emergency measures and alternative operating procedures significantly strengthen corporate resilience. The swift isolation of affected systems, clear communication, and the ability to continue critical processes through alternative means ensure that the company remains operational even during severe disruptions. Regular testing and employee training ensure that everyone involved knows their role and can respond effectively. With the continuous adaptation of the Business Continuity Plan to current threats, the long-term security and stability of business operations are assured.