The following rules apply to maintenance operations:
1. Maintenance must only be performed by trusted personnel.
2. The HSM should be removed from the secure area for maintenance.
3. All maintenance operations should be recorded in an audit journal.
4. If the unit is left unattended during maintenance, measures must be taken to ensure that the unit is not accessible to unauthorised users.
5. Before a unit is given to the maintenance authority, the unit must be put into the offline state, the production LMK must be erased and the test LMK loaded. Procedures for accomplishing this include one or more of the following:
· Remove power from the HSM.
· Force a motion alarm.
· Load the test LMK to overwrite the LMK storage.
Verify that the production LMK has been removed by using the V console command.
6. The unit must be returned to the manufacturer, under the control of the support procedures, when the fault indicator illuminates and the diagnostic test validates that the unit is faulty.
7. Before re-commissioning at the secure location, conduct the inspection procedures described in section “Initial Inspection Procedure”.