ISO 24762:2008 Guidelines for ICT disaster recovery services
-
Upload
colette-rose -
Category
Documents
-
view
58 -
download
1
description
Transcript of ISO 24762:2008 Guidelines for ICT disaster recovery services
![Page 1: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/1.jpg)
ISO 24762:2008ISO 24762:2008Guidelines for ICT Guidelines for ICT disaster recovery servicesdisaster recovery services呂敏誠 Louis Lu [email protected]
![Page 2: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/2.jpg)
22008-03-31
AimAim
Aiding the operation of an Information Security Management System (ISMS) by providing guidance on the provision of information and communications technology disaster recovery (ICT DR) services as part of business continuity management.
![Page 3: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/3.jpg)
32008-03-31
Business Continuity strategic and tactical capability of the organization to
plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level. (Source: BS 25999-2)
Disaster Recovery Total loss of a computing environment from supporting
the business. Recovery of the computing environment from an error or major site failure.
Subset of Business Continuity.
![Page 4: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/4.jpg)
42008-03-31
BCMBCM
SAS-70A
S_NZS
4360
CobIT
ISO
2700
1
Basel II
ISO20000
ISO
2239
9
ISO
2703
1PAS77ISO24762
SS507
NFPA
1600
![Page 5: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/5.jpg)
52008-03-31
ISO 24762:2008 ICT DR Services
5. ICT disaster recovery 6. ICT disaster recovery facilities
7. Outsourcing service provider’s capability
8. Selection of recovery sites
9. Continuous Improvement
ISO 27002:2005 Control Objective 14.1
![Page 6: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/6.jpg)
62008-03-31
BCM
ISO 27002ISO 27002Control 14.1Control 14.1
Information ContinuityInformation Continuitymanagementmanagement
ISO 24762ICT DR Services
Telecom
PowerSupply
DR siteAssetMgmt
FireProtection
VendorMgmt Logical
AccessControl
DR plan
PhysicalAccessControl
RiskMitigation
ISO 27005Risk Assessment
![Page 7: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/7.jpg)
72008-03-31
ICT DR Service FrameworkICT DR Service Framework
![Page 8: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/8.jpg)
82008-03-31
![Page 9: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/9.jpg)
92008-03-31
BCM is an integral part of a holistic risk management process that safeguards the interests of an organization’s key stakeholders, reputation, brand and value creating activities through: identifying potential threats that may cause adverse
impacts on an organization’s business operations, and associated risks;
providing a framework for building resilience for business operations;
providing capabilities, facilities, processes, action task lists, etc., for effective responses to disasters and failures.
![Page 10: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/10.jpg)
102008-03-31
5. ICT disaster recovery5. ICT disaster recovery
5.1 General
5.2 Environmental stability
5.3 Asset management
5.4 Proximity of site
5.5 Vendor management
5.6 Outsourcing arrangements
![Page 11: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/11.jpg)
112008-03-31
5. ICT disaster recovery5. ICT disaster recovery
5.7 Information security
5.8 Activation and deactivation of DRP
5.9 Training and education
5.10 Testing on ICT systems
5.11 BC planning for ICT DR service providers
5.12 Documentation and periodic review
![Page 12: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/12.jpg)
122008-03-31
6. ICT disaster recovery 6. ICT disaster recovery facilitiesfacilities 6.1 General
6.2 Location of DR sites
6.3 Physical access controls
6.4 Physical facility security
6.5 Dedicated areas
6.6 Environmental controls
6.7 Telecommunications
6.8 Power supply
![Page 13: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/13.jpg)
132008-03-31
6. ICT disaster recovery 6. ICT disaster recovery facilitiesfacilities 6.9 Cable management
6.10 Fire protection
6.11 Emergency operations center (EOC)
6.12 Restricted facilities
6.13 Non-recovery amenities
6.14 Physical facilities and support equipment life cycle
6.15 Testing
![Page 14: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/14.jpg)
142008-03-31
7. Outsourced service provider’s 7. Outsourced service provider’s capabilitycapability
7.1 General
7.2 Review organization disaster recovery status
7.3 Facilities requirements
7.4 Expertise
7.5 Logical access control
7.6 ICT equipment and operation readiness
7.7 Simultaneous recovery support
7.8 Levels of service
![Page 15: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/15.jpg)
152008-03-31
7. Outsourced service provider’s 7. Outsourced service provider’s capabilitycapability
7.9 Types of services
7.10 Proximity of services
7.11 Subscription ratio for shared services
7.12 Activation of subscribed services
7.13 Organization testing
7.14 Changes in capability
7.15 Emergency response plan
7.16 Self assessment
![Page 16: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/16.jpg)
162008-03-31
8. Selection of recovery sites8. Selection of recovery sites
8.1 General
8.2 Infrastructure
8.3 Skilled manpower and support
8.4 Critical mass of vendors and suppliers
8.5 Local service providers’ track records
8.6 Proactive local support
![Page 17: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/17.jpg)
172008-03-31
9. Continuous improvement9. Continuous improvement
9.1 General
9.2 ICT DR trends
9.3 Performance measurement
9.4 Scalability
9.5 Risk mitigation
![Page 18: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/18.jpg)
182008-03-31
Policies and procedures Policies and procedures
Telecommunications
Power supply
Computer and related equipment
Software
Recovery sites and facilities
Storage space for vital records and supplies
Work area recovery
Staff providing direct recovery support
Non-recovery amenities
![Page 19: ISO 24762:2008 Guidelines for ICT disaster recovery services](https://reader036.fdocuments.net/reader036/viewer/2022062316/568137f8550346895d9fbac6/html5/thumbnails/19.jpg)
Thank YouThank You呂敏誠 Louis Lu [email protected]