ISO/IEC Release Standard for IT Disaster Recovery - ISO/IEC 24762
March 13, 2008 // Published as a news service by IHS
| |
| Electronics & Telecom Docs |
IHS sells a full selection of standards documents & collections from the industry's top organizations.
To learn more, and for a free quote, please complete the form below. |
|
From fires to earthquakes to pandemics, businesses and other organizations may become the victims of disaster at any time, and they need to safeguard the interests of their stakeholders, as well as their reputation, brand and value-creating activities.
A new international standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) is targeted at helping them mitigate risks and be prepared to respond to crises.
ISO/IEC 24762:2008 - Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services offers guidance on the information and communications technologies and services necessary for disaster recovery (ICT DR) as part of business continuity management.
With this guidance, the standard supports the operation of an information security management system (ISMS) by addressing the information security and availability aspects of business continuity management in time of crisis.
A business continuity plan comprises strategies to prepare for national, regional or local crises that could jeopardize an organization's capacity to continue with its core mission, as well as its long-term stability.
According to ISO/IEC 24762:2008, business continuity management is part of the risk management process and involves:
- Identifying potential threats that may cause adverse impacts on business operations, and associated risks.
- Providing a framework for building resilience for business operations
- Providing capabilities, facilities, processes and action task lists for responses to disasters and failures.
According to ISO and IEC, with this new standard, organizations will be able to build resilience into their ICT infrastructure, complementing their business continuity management initiative and information security management initiative.
"This next generation standard takes into account today's technological developments to minimize damage in a crisis situation from an information security and communication standpoint," Philip Sy, project editor of ISO/IEC 24762:2008, said.
"The fallback arrangements included in the standard will help out both during periods of minor outages and, more importantly, will play an essential role in ensuring information and service availability during a disaster or failure, and for a long-term complete recovery of activities," he said.
"This is particularly important today as organizations around the world are increasingly vulnerable to threats of terrorism, natural disasters, piracy and other crises."
The standard includes guidelines on the implementation, testing and execution aspects of disaster recovery and can be applicable to both in-house and outsourced ICT DR service providers of physical facilities and services. It provides guidance on:
- Implementing, operating, monitoring and maintaining the facilities and services necessary for disaster recovery.
- Fallback and recovery support for the organization's ICT systems.
- The capabilities that outsourced ICT DR service providers should possess and the practices they should follow to provide basic secure operating environments and facilitate recovery efforts.
- The selection of a recovery site.
- Requirements for ICT DR service providers to improve their ICT DR services.
For more information about the standard, go to http://www.iso.org.
Source: International Organization for Standardization (ISO).