Information Technology – Security Techniques – Guidelines for Information and Communications Technology Disaster Recovery Services. ISO/IEC. First edition. ISO defines requirements for implementing, operating, monitoring and maintaining ICT disaster recovery services for ICT disaster recovery and ICT.
|Published (Last):||4 December 2013|
Service providers should continuously improve their service through the following: That control objective is supported by controls to be selected and implemented as part of the ISMS process.
This linkage may support the establishment of IRBC and also avoid any dual processes for the organization.
These include building construction, security measures, provision of infrastructure services such as power, water and telecommunications, and environmental controls. The standard serves as a framework for companies like hot site firms, cold site firms, managed services firms, collocation service providers, and alternate work space providers.
ICT DR service provision, irrespective of whether it is provided in-house or outsourced, should follow best practice guidelines as outlined in this clause. There are two main categories of disasters:
Is it really that hard? And it applies to: Information security management is the process by which management aims to achieve effective confidentiality, integrity and availability of information and service.
This includes having qualified staff, the capacity to support simultaneous invocations of DR plans by different organizations, all capabilities and services offered to organizations audited on a regular basis, and their own fully documented and tested business continuity plans, including disaster recovery plans, in place. With this guidance, ISO supports the operation of an information security management system by addressing the information security and availability aspects of business continuity management in time of crisis.
ISO/IEC business continuity standard
It specifies the requirements for implementing, operating, monitoring and maintaining ICT DR services and facilities, the capabilities which outsourced ICT DR service providers should possess and the practices they should follow.
ICT DR service providers should interpret the intent of these guidelines within the context of the services they offer. ICT is prevalent and many organizations are highly dependent on ICT supporting critical business processes; ICT also supports incident, business continuity, disaster and emergency response, and related management processes; Business continuity planning is incomplete without adequately considering and protecting ICT availability and continuity.
ISO 24762 for IT Disaster Recovery
It covers a broad range of issues that vendors should address to ensure their service offerings are protected. Personal comments: It is unclear how valuable this standard is, given that ISO does such a good job in this area. The adoption of an effective Disaster Recovery plan within an organization will have benefits in a number of areas, examples of which include: Planning for Disaster Recovery is the key aspect that differentiates organizations that can manage crises with minimal cost and effort, and maximum speed, from those that are willing to pay whatever it costs for their recovery and that are forced to make decisions out of desperation.
ISO is complemented by two other standards providing control objectives for information security aspects of business continuity management to further reduce risk: Such fallback arrangements may include arrangements with third parties in the form of reciprocal agreements, or commercial subscription services.
For more information, see the other standards page. Selection of recovery sites. This will complement their Business Continuity Management initiative to manage relevant risks possibly interrupting their business activities and their Information Security Management initiative to effectively protect the confidentiality, integrity, and availability of information.
For those who have multiple recovery sites, the guidance should be equally applied to each and every site. This clause provides guidance for: In planning for business continuity, the fallback arrangements for information processing and communication facilities become beneficial during periods of minor outages and essential for ensuring information and service availability during a disaster or failure for the complete recovery of activities over a period of time.
There is also guidance on selecting a recovery site and advice on continuous service improvement.
It helps define the supporting infrastructure and services capability. Although this standard mentions resilience to as well as recovery from disastrous situations (and it will be part of the title at the next release), the coverage of resilience is light, perhaps because of the strange definition:
When an organization implements an ISMS the risks of interruptions to business activities for any reason should always be identified.
The fallback arrangements included in the standard will help out during periods of minor outages and, more importantly, will play an essential role in ensuring information and service availability during a disaster or failure, and for a long-term complete recovery of activities.
If the guidelines are followed, there will be assurance that the ICT DR services have been implemented after due consideration of unforeseen events that could affect the ability to fulfill service obligations, and related risk mitigation via prior arrangement with other service providers in the industry.
Fires, earthquakes, and pandemics, as well as terrorism and piracy, may cause organizations to become disaster victims at any time.