Jump to Navigation

3.3.9 Handle Exceptions Control Objectives

"Remedying any failure to act properly" is an integral part of accountability. This starts with the need to plan beyond expected discontinuities and anomalies in the operation of services; accountable organisations must have a plan for large-scale issues. This set of control objectives deals with the ability to handle discontinuities in services.

Identifier	Control Objective	Lifecycle Phase
1.08	Ensure the organisation is ready to handle incidents related to obligations for which it is accountable (incident response). Preparedness for handling exceptional events (processes and procedures, allocate responsibility, deploy the staff, define a contingency plan, get retainer for external resources (e.g. forensics expertise), insure against risks, define metrics then track and report performance, test the system based on simulated incidents.	1+2 - Governance
5.03	Log and track the incidents in a secure, time stamped and reliable way.	5 - Handling Exceptions
5.06	Perform a root cause analysis.	5 - Handling Exceptions
5.07	Repair the affected services and restore the business processes based on recovery objectives (eg. tradeoff timeliness vs. completeness, ability to restore in full, ... ). This could be done in stages to minimise impact to stakeholders.	5 - Handling Exceptions

Table 12: Handle exceptions control objectives.

Contents

Return to home

Download the preliminary release of the Cloud Accountability Reference Architecture and the relevant A4Cloud Toolkit.

This project is partly funded from the European Commission's Seventh Framework under grant agreement no: 317550

Copyright © 2016 a4cloud. All rights reserved. Privacy Statement