FAQs on the IT emergency card
-
An IT emergency may occur if the IT components used in a workplace stop working as usual. While not every hardware or software malfunction is caused by a cyber attack, the failure of an IT system could indeed be due to an incursion of this kind and therefore constitute an IT emergency.
IMPORTANT: Assessing this type of situation must not be the responsibility of a single employee. This is why the IT emergency card is meant to be used by all the employees at a given organisation. The idea is that employees should err on the side of contacting the appropriate technical personnel when in doubt. These IT specialists should decide whether or not an incident is an IT emergency.
The BSI-Standard "100-4: Business Continuity Management" defines an emergency as "[…] a damage event in which the processes or resources of an organisation do not function as intended. The availability of the corresponding processes or resources cannot be restored in the required time frame. Business operations are seriously affected. It may be impossible to uphold any existing service level agreements (SLAs). The resulting damage is serious or even severe, and it affects the annual results of a company or the ability of a public authority to fulfil its tasks to an unacceptable extent. Emergencies cannot be handled during general daily business operations; they require a special emergency response organisation."
If the damage event is triggered by IT components, this constitutes an IT emergency.
-
The IT emergency cards 'Verhalten bei IT-Notfaellen' and 'What to Do in an IT Emergency', together with the two documents 'Safeguard Catalogue for Business Continuity Management – IT Emergencies in Focus' and 'Top 12 Safeguards Against Cyber Attacks', form a basic introductory package on the topic of business continuity management. They help people prepare for and respond to IT emergencies and disruptions.
The 'IT emergency card' can be printed out in various sizes and put up in central locations (e.g. in corridors); it can also be handed out to employees individually if applicable. The card provides a concise and generally applicable overview of what to do in an IT emergency and is intended primarily for an organisation's IT users. It focuses on three core messages:
- Know who to contact within the organisation and how to reach them (preferably by telephone) in case of an IT emergency or disruption.
- Pass on crucial information about IT emergencies and disruptions immediately.
- Take countermeasures only after consulting with/receiving instructions from the contact persons responsible for IT emergencies and disruptions.
The 'Safeguard Catalogue for Business Continuity Management' explains how to deal with IT emergencies in more detail. It divides IT business continuity management into four phases: preparation, readiness, response and follow-up. The safeguard catalogue is primarily aimed at managing directors and IT managers at small and medium-sized enterprises (SMEs) who:
- Are looking for an effective way to get started with business continuity management
- Want to address the wide variety of threats associated with the ongoing digital transition
- Want to improve their company’s cyber resilience through effective business continuity management
The 'Top 12 Safeguards Against Cyber Attacks' document completes the package with a number of questions that IT managers and administrators (primarily at SMEs) must ask themselves in order to respond effectively to an IT emergency.
-
The telephone number of the specific entity to contact in case of an IT emergency or disruption can and should be added to the IT emergency card using PDF viewing software. This entity might be an IT support team or an assisting IT service provider, for example. The IT emergency card can then be printed out in various sizes and put up in central locations (e.g. in corridors); it can also be handed out to employees individually if applicable.
In order to respond appropriately to IT emergencies, organisations should observe the information in the 'Safeguard Catalogue for Business Continuity Management – IT Emergencies in Focus' and put it to use in line with their particular circumstances. Specifically, those individuals who will be contacted by IT users in case of doubts should be notified of the introduction and intended use of the IT emergency card. These individuals must be reachable and ready to assist.
-
Once the telephone number of the specific entity to contact has been added, the IT emergency card can be put up in central locations (e.g. in corridors) and handed out to individual employees. Essentially, it can be used in any institution, organisation or company – really, anywhere at all.
-
The BSI strongly encourages the use and distribution of the IT emergency card 'Verhalten bei IT-Notfaellen', 'What to Do in an IT Emergency'.
In addition to the conditions of use published here, the following extended conditions apply to the use of the IT emergency card:
Both you and your service providers are permitted to use the IT emergency card within your organisations. You are also allowed to reproduce and distribute it and fill in the appropriate fields so that employees have instructions to hand in the event of an IT emergency. However, no other modification of the IT emergency card is permitted, and it may not be used for any commercial purpose. If you wish to add your own logo to the IT emergency card, please use the version that provides a blank space.
-
The IT emergency card is available in the following foreign-language versions: Chinese (Mandarin), English, French, Italian, Polish, Spanish and Turkish. More languages are being added all the time.
-
IT emergencies can be as varied and specific as an organisation’s abilities to respond to them.
Here are just a few examples of when a general instruction to disconnect any plugs or connectors would be ineffective:
- Use of mobile devices (laptops, for example, would continue to run on battery power)
- Communication via WLAN or mobile networks (no network cable is connected)
In addition to its emergency contact information, each organisation must establish emergency safeguards and instructions. Being able to reach qualified specialists quickly is the essential first step. Further safeguards can only be recommended and agreed on a case-by-case basis.