Business Continuity Plan (BCP)
To ensure that the EPLAN Cloud is always available for customers, an extensive analysis based on the proven specifications from the annex of ISO 27001 was done to determine which situations and events could jeopardize the availability of the EPLAN Cloud. The results were used to develop business continuity plans that describe specific procedures to follow when certain events occur. Regular tests and exercises are conducted to verify that, in case of an incident, the business continuity plans are both adequate and appropriate in order to respond immediately to adverse situations and to continue business operations.
Security incident management
If, despite all precautions, events occur during the deployment of the EPLAN Cloud that restrict the availability, the event is recorded as part of a standardized "incident management process". Experts immediately assess whether it is a "normal" event (so-called false positive) or an actual security incident. If it is a false positive event, the incident is closed. When security incidents are detected, a team of experts (CERT team) automatically meets to address them.
Depending on the severity of a security incident, predefined and trained standard procedures are performed to stop the cause and continuation of the event as quickly as possible, inform affected customers immediately if necessary, and restore services to the desired normal state. All security events are recorded and evaluated downstream to learn from them and avoid possible causes in the first place (post-mortem process).
EPLAN's Security and Operations team employs highly experienced security professionals whose primary function is to monitor 24/7 what is happening in the EPLAN Cloud and whether deviations from defined normal states occur. To do this, they use a standardized platform that, as part of extensive reporting on the provided log data, both presents the states of individual services graphically in real time and displays them in figures. In case of deviations, corresponding alarms are automatically generated. This enables the security experts to investigate the root cause immediately and, if necessary, respond immediately in accordance with trained procedures.
Crisis management is the systematic and controlled handling of crisis situations. In contrast to the previously described business continuity plan (BCP), crisis management deals with significant and serious events or situations that may severely affect the continuity of a business operation. EPLAN is aware of the importance of possible crisis scenarios and has therefore developed a dedicated program to be able to act systematically and in a controlled manner in crisis situations. This includes, among other things, quickly forming a competent crisis team, keeping the necessary communication procedures on hand, and providing disaster recovery procedures in order to retain or regain the ability to act at short notice.
The management of EPLAN regularly practices crisis situations, gaining important knowledge from these in order to constantly optimize already practiced processes and procedures for handling crises. Business continuity management (BCM) and crisis management procedures are verified through regular external audits.