Allocating resources

Adapting to changing technologies

Conducting control self-assessments

Evaluating hardware needs

A backup server is available to run ETCS operations with up-to-date data.

A backup server is loaded with all relevant software and data.

The systems staff of the organization is trained to handle any event.

Source code of the ETCS application is placed in escrow.

Has all the personnel and equipment it needs.

Plans are consistent with management strategy.

Uses its equipment and personnel efficiently and effectively.

Has sufficient excess capacity to respond to changing directions.

Succession planning.

Staff job evaluation.

Responsibilities definitions.

Employee award programs.

Outsourcing the IT function.

Implementing and enforcing sound processes.

Hiring qualified personnel.

Meeting user requirement.

Key performance indicators are not reported to management and management cannot determine the effectiveness of the BSC.

IT projects could suffer from cost overruns.

Misleading indications of IT performance may be presented to management.

IT service level agreements may not be accurate.

A list of key IT resources to be secured

The basis for access control authorization

Identity of sensitive security assets

Relevant software security features