1
/
/
2
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
JR/T 0044-2008 English PDF (JR/T0044-2008)
JR/T 0044-2008 English PDF (JR/T0044-2008)
Normal fiyat
$145.00 USD
Normal fiyat
İndirimli fiyat
$145.00 USD
Birim fiyat
/
/
Kargo, ödeme sayfasında hesaplanır.
Teslim alım stok durumu yüklenemedi
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click JR/T 0044-2008
Historical versions: JR/T 0044-2008
Preview True-PDF (Reload/Scroll if blank)
JR/T 0044-2008: Management specification of information system disaster recovery for banks
JR/T 0044-2008
JR
ICS
A11
Record No..
BANKING INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
Management Specification of Information
System Disaster Recovery for Banks
ISSUED ON. FEBRUARY 4, 2008
IMPLEMENTED ON. FEBRUARY 4, 2008
Issued by. The People's Bank of China
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative Reference ... 6
3 Terms and Definitions ... 6
4 Overview of Information System Disaster Recovery for Banks ... 11
4.1 Disaster Recovery Contents ... 11
4.2 Periodic Duty for Disaster Recovery ... 11
4.3 Inter-organization Cooperation ... 12
5 Establishment and Responsibilities of Organizational Institution... 12
5.1 Establishment of Organizational Institution ... 12
5.2 Composition and Responsibilities of Organizational institution ... 12
6 Demand Analysis of Disaster Recovery ... 14
6.1 Risk Analysis... 14
6.2 Business Impact Analysis ... 16
6.3 Determination of Disaster Recovery Demand ... 17
7 Establishment of Disaster Recovery Strategy ... 19
7.1 Cost Risk Analysis and Strategy Determination ... 19
7.2 Disaster Recovery Capability Grade ... 19
7.3 Layout of Backup Center for Disaster Recovery ... 20
7.4 Acquisition and Guarantee of Resource and Service ... 20
8 Construction of Backup Center for Disaster Recovery ... 23
8.1 Infrastructure Construction ... 23
8.2 Construction of Backup System for Disaster Recovery ... 23
8.3 Project Supervision ... 24
9 Operating Maintenance Management of Backup Center for Disaster Recovery ... 24
9.1 Management System Construction ... 24
9.2 Work Contents of Operating Maintenance ... 24
9.3 Resource Assurance of Operating Maintenance ... 25
10 Establishment, Exercise and Management of Disaster Recovery Plan ... 25
10.1 Establishment of Disaster Recovery Plan ... 25
10.2 Exercise of Disaster Recovery Plan ... 27
10.3 Management of Disaster Recovery Plan ... 29
11 Emergency Response and Disaster Recovery ... 30
11.1 Emergency Response ... 30
11.2 Disaster Recovery ... 30
11.3 Restoration and Return ... 31
12 Supervision and Management ... 32
12.1 Audit ... 32
12.2 Recording ... 32
Appendix A (Informative) Working Focuses of Emergency Response and Disaster
Recovery ... 34
Appendix B (Informative) Relationship between RTO/RPO and Disaster Recovery
Capability Grade ... 38
Foreword
This Standard is the description for the management specification of information
system disaster recovery for banks.
This Standard was proposed by the People's Bank of China and is under the
jurisdiction of National Technical Committee on Financial of Standardization
Administration of China.
This Standard is approved by the People's Bank of China.
Drafting organization of this Standard. The People's Bank of China
Participating drafting organization of this Standard. Global Data Solutions Limited
(Shenzhen).
Chief drafting staffs of this Standard. Wen Sili, Li Xiaofeng, Yang Hong, Guo
Quanming, Cao Xuhui, Li Jian, Yuan Huiping, Wang Qi, Yu Jian, He Zheng, Liu
Donghong, Gao Yong, Chen Tianqing, Kang Tanyun, Wang Zheng, Zhang Yan, Zhu
Yiqiang, Zhou Heng, Wang Xiong and Liu Pengpeng.
Management Specification of Information System
Disaster Recovery for Banks
1 Scope
This specification specifies the management requirements of information system
disaster recovery for banks.
This specification is applicable to the People's Bank of China and banking financial
institutions (including foreign-funded banks, hereinafter referred to as "organizations")
established within the territory of the People's Republic of China.
2 Normative Reference
The following normative document contains the provisions which, through reference in
this text, constitute the provisions of this Standard. For dated references, the
subsequent amendments (excluding corrigendum) or revisions of these publications
do not apply. However, all parties who reach an agreement according to this Standard
are encouraged to study whether the latest edition of the normative document is
applicable. For undated references, the latest edition of the normative document
applies.
GB/T 20988-2007 Information Security Technology - Disaster Recovery
Specifications for Information Systems
3 Terms and Definitions
3.1
Information system
A man-machine system that collects, processes, stores, transmits and retrieves
information according to certain application objective and rule; it is consisted of
computer system, network system software and hardware and their relevant
equipment and facilities, application software etc.
3.2
Disaster
Emergency incidents, manually or naturally caused and last for certain time, which
cause major failure and breakdown of information system, bad data damage or stop
the business functions supported by information system or make the service level
reach unacceptable degree.
3.3
Disaster recovery
DR
Activity and process that are designed to recover the information system from
operation failure or unacceptable state caused by disaster to normal operation state
and recover the business functions it supports, from abnormal state caused by
disaster to acceptable state.
3.4
Disaster recovery planning
DRP
Pre-incident plan and arrangement that are prepared to avoid loss brought about by
disaster, and ensure the timely recovery and continuous operation of critical business
functions supported by information system after occurrence of disaster.
3.5
Regional disaster
Incident that causes severe damage to communication, electric power, traffic and
other critical infrastructure or mass evacuation in its location or closely related
adjacent regions and resulting in failure of maintaining the normal operation of
information system. E.g., earthquake, large public health incident, terrorist attack,
regional communication network failure and grid failure, etc.
3.6
Risk analysis
RA
Process that determines the risk affecting the normal operation of information system,
assessing the function vital to the business operation of organizations and defining
the control measures reducing the potential hazards. Risk analysis frequently involves
the assessment of special incident probability.
3.7
Business impact analysis
BIA
Analyzing business functions and their relevant information system resources and
assessing the impact of specific disaster on various service functions.
3.8
Critical business functions
The service or function which will significantly affect the organization operation once it
is interrupted for certain time.
3.9
Production system
Information system that supports the production operation of organizations under
nor...
Get QUOTATION in 1-minute: Click JR/T 0044-2008
Historical versions: JR/T 0044-2008
Preview True-PDF (Reload/Scroll if blank)
JR/T 0044-2008: Management specification of information system disaster recovery for banks
JR/T 0044-2008
JR
ICS
A11
Record No..
BANKING INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
Management Specification of Information
System Disaster Recovery for Banks
ISSUED ON. FEBRUARY 4, 2008
IMPLEMENTED ON. FEBRUARY 4, 2008
Issued by. The People's Bank of China
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative Reference ... 6
3 Terms and Definitions ... 6
4 Overview of Information System Disaster Recovery for Banks ... 11
4.1 Disaster Recovery Contents ... 11
4.2 Periodic Duty for Disaster Recovery ... 11
4.3 Inter-organization Cooperation ... 12
5 Establishment and Responsibilities of Organizational Institution... 12
5.1 Establishment of Organizational Institution ... 12
5.2 Composition and Responsibilities of Organizational institution ... 12
6 Demand Analysis of Disaster Recovery ... 14
6.1 Risk Analysis... 14
6.2 Business Impact Analysis ... 16
6.3 Determination of Disaster Recovery Demand ... 17
7 Establishment of Disaster Recovery Strategy ... 19
7.1 Cost Risk Analysis and Strategy Determination ... 19
7.2 Disaster Recovery Capability Grade ... 19
7.3 Layout of Backup Center for Disaster Recovery ... 20
7.4 Acquisition and Guarantee of Resource and Service ... 20
8 Construction of Backup Center for Disaster Recovery ... 23
8.1 Infrastructure Construction ... 23
8.2 Construction of Backup System for Disaster Recovery ... 23
8.3 Project Supervision ... 24
9 Operating Maintenance Management of Backup Center for Disaster Recovery ... 24
9.1 Management System Construction ... 24
9.2 Work Contents of Operating Maintenance ... 24
9.3 Resource Assurance of Operating Maintenance ... 25
10 Establishment, Exercise and Management of Disaster Recovery Plan ... 25
10.1 Establishment of Disaster Recovery Plan ... 25
10.2 Exercise of Disaster Recovery Plan ... 27
10.3 Management of Disaster Recovery Plan ... 29
11 Emergency Response and Disaster Recovery ... 30
11.1 Emergency Response ... 30
11.2 Disaster Recovery ... 30
11.3 Restoration and Return ... 31
12 Supervision and Management ... 32
12.1 Audit ... 32
12.2 Recording ... 32
Appendix A (Informative) Working Focuses of Emergency Response and Disaster
Recovery ... 34
Appendix B (Informative) Relationship between RTO/RPO and Disaster Recovery
Capability Grade ... 38
Foreword
This Standard is the description for the management specification of information
system disaster recovery for banks.
This Standard was proposed by the People's Bank of China and is under the
jurisdiction of National Technical Committee on Financial of Standardization
Administration of China.
This Standard is approved by the People's Bank of China.
Drafting organization of this Standard. The People's Bank of China
Participating drafting organization of this Standard. Global Data Solutions Limited
(Shenzhen).
Chief drafting staffs of this Standard. Wen Sili, Li Xiaofeng, Yang Hong, Guo
Quanming, Cao Xuhui, Li Jian, Yuan Huiping, Wang Qi, Yu Jian, He Zheng, Liu
Donghong, Gao Yong, Chen Tianqing, Kang Tanyun, Wang Zheng, Zhang Yan, Zhu
Yiqiang, Zhou Heng, Wang Xiong and Liu Pengpeng.
Management Specification of Information System
Disaster Recovery for Banks
1 Scope
This specification specifies the management requirements of information system
disaster recovery for banks.
This specification is applicable to the People's Bank of China and banking financial
institutions (including foreign-funded banks, hereinafter referred to as "organizations")
established within the territory of the People's Republic of China.
2 Normative Reference
The following normative document contains the provisions which, through reference in
this text, constitute the provisions of this Standard. For dated references, the
subsequent amendments (excluding corrigendum) or revisions of these publications
do not apply. However, all parties who reach an agreement according to this Standard
are encouraged to study whether the latest edition of the normative document is
applicable. For undated references, the latest edition of the normative document
applies.
GB/T 20988-2007 Information Security Technology - Disaster Recovery
Specifications for Information Systems
3 Terms and Definitions
3.1
Information system
A man-machine system that collects, processes, stores, transmits and retrieves
information according to certain application objective and rule; it is consisted of
computer system, network system software and hardware and their relevant
equipment and facilities, application software etc.
3.2
Disaster
Emergency incidents, manually or naturally caused and last for certain time, which
cause major failure and breakdown of information system, bad data damage or stop
the business functions supported by information system or make the service level
reach unacceptable degree.
3.3
Disaster recovery
DR
Activity and process that are designed to recover the information system from
operation failure or unacceptable state caused by disaster to normal operation state
and recover the business functions it supports, from abnormal state caused by
disaster to acceptable state.
3.4
Disaster recovery planning
DRP
Pre-incident plan and arrangement that are prepared to avoid loss brought about by
disaster, and ensure the timely recovery and continuous operation of critical business
functions supported by information system after occurrence of disaster.
3.5
Regional disaster
Incident that causes severe damage to communication, electric power, traffic and
other critical infrastructure or mass evacuation in its location or closely related
adjacent regions and resulting in failure of maintaining the normal operation of
information system. E.g., earthquake, large public health incident, terrorist attack,
regional communication network failure and grid failure, etc.
3.6
Risk analysis
RA
Process that determines the risk affecting the normal operation of information system,
assessing the function vital to the business operation of organizations and defining
the control measures reducing the potential hazards. Risk analysis frequently involves
the assessment of special incident probability.
3.7
Business impact analysis
BIA
Analyzing business functions and their relevant information system resources and
assessing the impact of specific disaster on various service functions.
3.8
Critical business functions
The service or function which will significantly affect the organization operation once it
is interrupted for certain time.
3.9
Production system
Information system that supports the production operation of organizations under
nor...
Share
