The failure of the IT security system is top priority - a lawyer Stefan Braun * analyses the responsibility of the companys management in relation to the security of IT systems
Most companies do your focus to avoid disruption of servers, routers and other hardware necessary for maintaining the IT system, only at the technical level of the system administrators who simply failures in the security of your job to worry.
Consequences for corporate governance
The resulting from a failure consequences for corporate governance at the legal level, however unequally far-reaching. The biggest threats are the corporate governance of the legal consequences of a failure. As a rule, knows the boss floor of contractual obligations, to customers and business partners no longer be met, if the technical availability of the IT system within the narrow contractual limits is not available. This resulted in revenue losses and penalties. This applies only to the financial side of responsibility, which the companys leadership responsible.
The criminal consequences of failure are not only serious, they take the legal representative of the company personally. The threat of legal violations from a failure uncontrollable include the violation of data protection provisions, non-compliance with the statutory information requirements from the society of their respective companies form or breach of duties to cooperate in tax and commercial law. The responsibility for these violations based on the standards of objective preventable and predictability in application of the current state of the art. If for financial reasons or organizational shortcomings, the technical possibilities for optimum protection of the IT system is not used, this is the fault scale for the legal business representatives presented with the criminal consequences. This responsibility can not be delegated.
The security of the IT system will begin the audit data integrity, goes beyond the licensing examination of the system software and does not end with the electrical supply the hardware. The fire protection and security of the premises before the access from outside must be based on a review list of corporate governance. In this area unauthorized access to the system does not prevent technical ways to prevent losses by water or fire damage and was not in compliance with the technical possibilities of securing the integrity of a system not sufficiently documented, the companys management the resulting consequences personally responsible . Subsequent Exkulpation without adequate documentation of incidents virtually excluded. Take your IT security into their own hands!
* Stefan Braun is a specialist lawyer for labour law and lawyer for information technology law. Other priorities of its activities are used Questions of copyright protection and competition law. Information http://www.recht-hilfe.de/.