Tuy nhiên, đó có thể không được có thể cho tất cả các loại lý do khác nhau. Thay vào đó, nó có thể được dễ dàng hơn để xây dựng một hệ thống chuyển đổi dự phòng ở Washington, DC, tự động chọn các chức năng ghi danh người dùng được cung cấp bởi Houston nếu có một mất điện ở Houston. | 334 Chapter 19 Preparing the System Security Plan schedule to check the size of the file systems to ensure that they do not fill up. If the systems in your C A package run any regularly scheduled diagnostics on the file systems or are regularly defragmented be sure to indicate this. Contingency and Disaster Recovery Planning The Contingency Plan was discussed in Chapter 16. It is not necessary to recreate all that information in the System Security Plan. However the System Security Plan should include a brief summary indicating that the Contingency Plan exists providing the formal name of the Contingency Plan document and its publication date. If there are any other documents that are related to contingency planning that you would like the evaluation team to take into consideration be sure to name those documents in this section. For example if your C A package describes a major application that resides on top of general support systems it is likely that there is a separate contingency plan for the general support systems and such a contingency plan would be worth mentioning. In addition to noting the existence of the plan and where to find it the System Security Plan should indicate vital information on the organizational requirements surrounding the maintenance and support of the SSP should indicate who is responsible for maintaining the plan the frequency with which it must be reviewed and updated whether key personnel with duties in implementing the plan are trained on the plan and what type of Contingency Plan testing is conducted. Training and Security Awareness We already discussed the Security Awareness and Training Plan in Chapter 9. However in the System Security Plan you should state that a Security Awareness and Training Plan exists and provide the formal document name. A Security Awareness and Training Plan is considered a type of operational security control which is why you should make reference to it in the System Security Plan. .