The operator shall have at least two data centres that meet high standards, particularly with regard to physical security, fire protection, power supply, cooling systems and telecommunications infrastructure.
The operator shall decide on the location of the data centres based on a risk analysis, and ensure that the data centres have different risk profiles and provide protection even in the event of a major incident adversely affecting a large geographical area.
The data centres and precautions taken to ensure their operation shall be appropriate for the fulfilment of the information security and recovery objectives specified in Articles 32a and 32b . If one of the data centres becomes inoperable, the operator shall ensure that, in particular, systemically important business processes can be continued within two hours at another data centre without the loss of any processing steps confirmed to participants.
0 commentaries
No commentaries are available for this article yet.