11/4/06

Future ISO 27006, "Guidelines for business continuity management"

ISO has announced a new project, to be designated ISO 27006 “Guidelines for information and communications technology disaster recovery services”, based on SS507. Publication is expected in November 2007.

The body of the proposed draft standard has the following contents:


"0. Introduction
The ICT DR Services Model or Framework - showing the foundation layer to define supporting infrastructure from which services are derived, such as policies, processes, programme, performance measurement, people and products.

1. Scope
Describes the purpose of this standard, assumptions made when using this standard and what is excluded. Introduces subsequent clauses and explains their interpretation.

2. Definitions
Defines terms used within the standard to establish a common understanding by the readers.

3. General Guidelines
Basic guidelines for the ICT DR services provision:
3.1 Environmental stability
3.2 Asset management
3.3 Proximity of services
3.4 Subscription (contention) ratio for shared services
3.5 Third party vendor management
3.6 Outsourcing arrangements
3.7 Privacy and confidentiality
3.8 Activation of subscribed services

4. Disaster Recovery Facilities
Specific guidelines for the ICT DR services provision to provide a secure physical operating environment to facilitate recovery:
4.1 Physical access control
4.2 Physical facilities and security
4.3 Environmental controls
4.4 Telecommunications
4.5 Power supply
4.6 Cable management
4.7 Fire protection
4.8 Location of recovery site
4.9 Emergency operations centre
4.10 Restricted facilities
4.11 Physical facilities and equipment lifecycle
4.12 Non recovery amenities
4.13 Testing
4.14 Training and education

5. Recovery Services Capability
Specific guidelines for the ICT DR services provision to develop service delivery capability supporting recovery. Besides qualified staffing, other minimum capabilities include capacity to support simultaneous invocation of disasters:
5.1 Expertise
5.2 Logical access controls
5.3 Equipment and operation readiness
5.4 Simultaneous recovery support
5.5 Levels of service
5.6 Types of service
5.7 Client testing
5.8 Changes in capability
5.9 Emergency response plan
5.10 Self-assessment
5.11 Disaster recovery training and education

6. Guidelines for Selection of Recovery Sites
Provides guidelines on the factors to consider when selecting recovery sites, such as:
6.1 Infrastructure
6.2 Skilled manpower and support
6.3 Critical mass of vendors and suppliers
6.4 Local service providers’ track records
6.5 Proactive local support

7. Additional Guidelines for the Professional ICT DR Service Provider
Additional guidelines for professional service providers in the provision of ICT DR services."