A12. Operations Security
- What operating system(s) is/are leveraged by the system(s)/application(s)?
- Do you have a data/services recovery and restauration according to the criticality of the applications?
- Are backups securely stored?
- Do you perform backups and restore exercises?
- Do you monitor logs?
- Do you have policies and controls in place to manage IT infrastructure?
- Do you have an antivirus software on each server?
- Do you have in place measures to prevent viruses and malware from entering the facility or being loaded on to any systems?
- Will you copy customer data in non-production environments?
- Do you apply daily patches to avoid zero days attacks?