ICT continuity management, a key part of an organization's overall business continuity management (BCM) process, ensures that ICT services are resilient and, in the event of a disaster, can be recovered within timescales agreed with senior management. BSI drew together experts from industry, government and non-governmental organizations to provide best practice guidelines on all aspects of ICT continuity. BS and are designed to work together and offer the opportunity to interact more effectively. However, recent adverse weather conditions in the UK, as well as human-influenced disruption such as terrorism, mean an increased possibility of catastrophic IT failure. Consequently, there is always room for improvement. We have brought together a wide range of expertise to produce a robust best practice guidance document which should help organizations regardless of size, complexity or sector.
Published (last): 15 January 2014
This tip is part of our Basel II risk management and implementation guide. The first of the Basel II requirements, minimum capital, affects information security staff the most. Fortunately, there are several existing and upcoming standards that can help security pros identify and control these risks.
Under the Basel II requirements, if an organisation can show it has its risks under control, it can keep less cash in reserve.
For information security professionals working in the financial sector, there are two existing standard frameworks that are of most interest and use. One is ISO , a broad, well-known set of best practices that provides a systematic, comprehensive and structured approach to dealing with information security weaknesses. Its framework of controls and policies helps deal with all kinds of attacks, from outside as well as inside the organisation.
Its risk-based approach makes it an ideal platform on which to base any kind of Basel II compliance programme. The other provides best-practice guidance on how to ensure IT systems deliver continuous service.
Certification against the standard demonstrates that the plans in place are appropriate for whatever disruptions might occur to the business.
BS : An upcoming standard for the Data Protection Act
It is also worth mentioning a new data protection standard in the works, due for publication around July , which covers compliance with the U. The DPA is currently based on eight general principles, so it can be difficult to know what must be done to ensure compliance.
By complying with the standard, organisations will demonstrate that personal information is protected in line with DPA requirements. The standard provides a detailed guide to help organisations demonstrate full compliance. It reviews best security practices, including training and awareness, risk assessment, retention and disposal and technical controls.
From a Basel II perspective, compliance with BS would mean that prosecution under the DPA, for which large fines are promised, would be virtually impossible. Not to be confused with BS , which looks at business continuity generally, BS focuses specifically on the effect of IT system downtime and describes how to construct a management system to deal with it.
The detailed standard sets out the steps necessary to identify critical IT services and assess what the effect would be if a service were lost for four hours, eight hours, 24 hours and so on. The standard requires organisations to set a recovery time objective for each of their critical IT services, covering servers and storage arrays, networks, operating systems and applications, data and external suppliers.
The importance of these services can be prioritized, and the time objectives for each service can be determined by the business loss that the organisation would suffer by not having it in place.
After the business impact analysis is conducted, the next stage is to design plans to get IT services back up and running within the established recovery time objective. The standard requires that the recovery plans are properly designed and tested to ensure they work. It also provides for continuous improvement, so that plans are updated to take account of changes in technology, systems environments and any lessons learned from past incidents and tests. The standard is complete, but remember that it relates only to information and communications technology (ICT), so BS has to be considered within the broader picture of business continuity, which also takes account of other factors, such as the availability of physical premises or staff.
By all accounts, BS has been effective in helping organizations manage ICT issues, and there is some talk of it becoming an international standard fairly quickly.
From a Basel II point of view, it offers a systematic way of building and demonstrating controls to limit the operational risk and cost of any IT system failure.
About the author: Alan Calder is a leading author on information security and IT governance issues. He is also chief executive of IT Governance Limited, the one-stop shop for books, tools, information and advice on governance, risk management and compliance in the UK. Alan was previously CEO of Wide Learning, a supplier of e-learning; of Focus Central London, a training and enterprise council; and of Business Link London City Partners, a government agency focused on helping growing businesses to develop.
Meet Basel II operational risk, compliance requirements with BS 25777
BSI BS25777 for ICT Continuity
To ensure a successful operation, organizations and enterprises should include both their business and ICT continuity plans in their culture.