Protective Monitoring. 11. Departments and Agencies should ensure that appropriate arrangements are in place to log the activity of users processing sensitive information, including personal data, and that these logs are reviewed regularly. Particular attention should be paid to staff who are working remotely or who have access to higher levels of functionality / broader levels of access. Further guidance on the subject is available in CESG Good Practice Guide 13 (GPG 13), Protective Monitoring for HMG ICT Systems.
Protective Monitoring. The mnitoring service monitors and alerts for platform events such as disk space or uptime. The values and conditions are compared to thresholds set during configuration, the system then alerts when they are met or exceeded. An incident is automatically raised, and the support team will then investigate this issue to completion. Patch Management Nine23 is responsible for regular patching of all aspects of the platform. Patching will include Windows server patching and appliances. Additionally, Nine23 will test and release Client operating system patches for the supported devices (EUD) on a scheduled basis. Backup/restore File storage data is backed up daily on a 14-day rotation. Additional services are available to meet requirements as needed Nine23 will carry out data restores as a response to an incident where it has been identified that it is necessary. Ad-hoc requests for restores not in relation to an incident will be responded to with reasonable endeavours. Where data restoration is deemed necessary in response to an incident resolution, targets will not apply as data restoration can take a significant amount of time and that time is outside of Nine23’s control. Where restoration is required due to a fault on the customer’s side – for example by malicious actions by staff or not allowing system patching to be completed – this work will be chargeable. Ad-Hoc Requests / Projects Any project requests that fall outside of the scope of service will be managed as a project within the Nine23 project management framework, and will be scoped, reviewed and evaluated by both parties prior to implementation Cloud Hosting Infrastructure: Back-up and disaster recovery Nine23 will provide disc-to-disc backup of all current data for all managed services. This data is held for 30 days. Nine23 will work with customers on an individual basis to define the best disaster recover strategy. APPENDICES .
Protective Monitoring. (i)IT Health Checks;
Protective Monitoring. Protective monitoring" is a set of business processes, with essential support technology, that need to be put into place in order to oversee how ICT systems are used (or abused) and to assure user accountability for their use of ICT facilities. To design and implement a protective monitoring policy which complies with the NCSC and CESG Standards and Guidelines and the Authority’s Suppliers Security Operations Centre industry standard data protocols, and to monitor and record compliance with that policy in writing. To investigate and report actual and suspected violations of the Authority’s security policy detected by the protective monitoring service(s) and take appropriate and timely action to contain and remedy any violation. To keep a written record of all such violations, investigations and remedial actions. To suggest methods/approaches to prevent violations. To update and improve the protective monitoring policy in the light of any violations. The Other Authority Requirements shall continue to be met during the course of the Operational Services.
