IFSEC Insider | Security and Fire News and Resources

Businesses offered new disaster recovery standard

The International Organisation for Standardisation (ISO) said the new code will help companies deal with the unexpected, protect their reputations and safeguard the interests of their shareholders.

ISO/IEC 24762:2008 (Information technology – security techniques – guidelines for information and communications technology disaster recovery services) offers guidance on the communications services firms need in place to ensure business continuity.

“The standard supports the operation of an information security management system by addressing the information security and availability aspects of business continuity management in a time of crisis,” an ISO spokesperson said.

Continuity

Business continuity plans include strategies to help companies deal with potential national, regional or local crises that could jeopardise both their short-term operations and longer-term stability.

According to ISO/IEC 24762:2008, business continuity management is an integral part of any holistic risk management process and involves:

– identifying potential threats that may cause adverse impacts on an organisation’s business operations, and associated risks;
– providing a framework for building resilience for business operations;
– providing capabilities, facilities, processes, action task lists, etc, for effective responses to disasters and failures.

It is hoped that, using the new standard, organisations will be able to build resilience into the ICT infrastructures at the heart of their business activities. It is designed to complement business continuity management initiatives (to better manage relevant risks to business activities) and information security management initiatives (to protect the confidentiality, integrity and availability of information).

“Next generation standard”

Mr Philip Sy, the standard’s project editor, said, “This next generation standard takes into account today’s technological developments to minimise damage in a crisis situation from an information security and communication standpoint.

“The fallback arrangements included in the standard will help out both during periods of minor outages and, more importantly, will play an essential role in ensuring information and service availability during a disaster or failure, and for a long-term complete recovery of activities.”

He added, “This is particularly important today as organisations around the world are increasingly vulnerable to threats of terrorism, natural disasters, piracy and other crises.”

The standard also includes guidelines on the implementation, testing and execution aspects of disaster recovery, and can be applied to both in-house and outsourced providers of physical facilities and services.

ISO/IEC 24762:2008, an initiative of ISO and the International Electrotechnical Commission (IEC), costs 164 Swiss francs (around £80) and is available from ISO national member institutes. ISO publishes a full list of member institutes, including contact details, and the standard is also available from the ISO Store.
