1 / 19

ISO 24762:2008 Guidelines for ICT disaster recovery services

ISO 24762:2008 Guidelines for ICT disaster recovery services. 呂敏誠 Louis Lu Louis.lu@sgs.com. Aim.

colette-rose
Télécharger la présentation

ISO 24762:2008 Guidelines for ICT disaster recovery services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ISO 24762:2008Guidelines for ICTdisasterrecovery services 呂敏誠 Louis Lu Louis.lu@sgs.com

  2. Aim • Aiding the operation of an Information Security Management System (ISMS) by providing guidance on the provision of information and communications technology disaster recovery (ICT DR) services as part of business continuity management.

  3. Business Continuity strategic and tactical capability of the organization to plan for andrespond to incidents and business disruptions in order to continuebusiness operations at an acceptable predefined level. (Source: BS 25999-2) Disaster Recovery Total loss of a computing environment from supporting the business. Recovery of the computing environment from an error or major site failure. Subset of Business Continuity.

  4. Basel II ISO20000 BCM AS_NZS 4360 SS507 NFPA1600 CobIT ISO24762 PAS77 SAS-70 ISO27001 ISO22399 ISO27031

  5. ISO 27002:2005 Control Objective 14.1

  6. BCM ISO 27002 Control 14.1 Information Continuity management ISO 24762 ICT DR Services ISO 27005 Risk Assessment Vendor Mgmt Risk Mitigation DR site Logical Access Control Power Supply Asset Mgmt Physical Access Control Telecom Fire Protection DR plan

  7. ICT DR Service Framework

  8. BCM is an integral part of a holistic risk management process that safeguards the interests of an organization’s key stakeholders, reputation, brand and value creating activities through: identifying potential threats that may cause adverse impacts on an organization’s business operations, and associated risks; providing a framework for building resilience for business operations; providing capabilities, facilities, processes, action task lists, etc., for effective responses to disasters and failures.

  9. 5. ICT disaster recovery • 5.1 General • 5.2 Environmental stability • 5.3 Asset management • 5.4 Proximity of site • 5.5 Vendor management • 5.6 Outsourcing arrangements

  10. 5. ICT disaster recovery • 5.7 Information security • 5.8 Activation and deactivation of DRP • 5.9 Training and education • 5.10 Testing on ICT systems • 5.11 BC planning for ICT DR service providers • 5.12 Documentation and periodic review

  11. 6. ICT disaster recovery facilities • 6.1 General • 6.2 Location of DR sites • 6.3 Physical access controls • 6.4 Physical facility security • 6.5 Dedicated areas • 6.6 Environmental controls • 6.7 Telecommunications • 6.8 Power supply

  12. 6. ICT disaster recovery facilities • 6.9 Cable management • 6.10 Fire protection • 6.11 Emergency operations center (EOC) • 6.12 Restricted facilities • 6.13 Non-recovery amenities • 6.14 Physical facilities and support equipment life cycle • 6.15 Testing

  13. 7. Outsourced service provider’s capability • 7.1 General • 7.2 Review organization disaster recovery status • 7.3 Facilities requirements • 7.4 Expertise • 7.5 Logical access control • 7.6 ICT equipment and operation readiness • 7.7 Simultaneous recovery support • 7.8 Levels of service

  14. 7. Outsourced service provider’s capability • 7.9 Types of services • 7.10 Proximity of services • 7.11 Subscription ratio for shared services • 7.12 Activation of subscribed services • 7.13 Organization testing • 7.14 Changes in capability • 7.15 Emergency response plan • 7.16 Self assessment

  15. 8. Selection of recovery sites • 8.1 General • 8.2 Infrastructure • 8.3 Skilled manpower and support • 8.4 Critical mass of vendors and suppliers • 8.5 Local service providers’ track records • 8.6 Proactive local support

  16. 9. Continuous improvement • 9.1 General • 9.2 ICT DR trends • 9.3 Performance measurement • 9.4 Scalability • 9.5 Risk mitigation

  17. Policies and procedures • Telecommunications • Power supply • Computer and related equipment • Software • Recovery sites and facilities • Storage space for vital records and supplies • Work area recovery • Staff providing direct recovery support • Non-recovery amenities

  18. Thank You 呂敏誠 Louis Lu Louis.lu@sgs.com

More Related