标准编号:ISO/IEC 24762:2008
中文名称:信息技术 安全技术 信息和通信技术故障恢复服务指南
英文名称:Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services
发布日期:2008-02
标准范围
1.1 GeneralThis International Standard describes the basic practices which ICT DR service providers, both in-house andoutsourced, should consider.It covers the requirements that service providers should meet, recognizing that individual organizations mayhave additional requirements that are specific to them (which would have to be addressed in theagreements/contracts with service providers). Examples of such organization requirements may includespecial encryption software and secured operation procedures, equipment, knowledgeable personnel andapplication documentation. Such additional organization specific requirements, if necessary, are generallynegotiated on a case-by-case basis and are the subject of detailed contract negotiations betweenorganizations and their ICT DR service providers and are not within the scope of this International Standard.1.2 ExclusionsThis International Standard does not:a) provide any guidance on business continuity management as a whole for organizations;b) take precedence over any laws and regulations, both existing and those in the future;c) have any legal power over the Service Level Agreements (SLAs) included in negotiated contractsbetween organizations and service providers;d) address requirements, legal or otherwise, governing normal business operations to be adhered to byservice providers. Examples of such requirements include detailed regulations covering building and firesafety, occupational health and safety, copyright regulation and prevailing human resource practices;e) provide an exhaustive list, and thus technical security controls are not covered. Readers should refer toISO/IEC 27001 and ISO/IEC 27002, vendor literature and other technical references, as necessary.1.3 AudienceThis International Standard applies to:a) all organizations requiring the ICT DR services as part of their business (whether in-house and/oroutsourced);b) ICT DR service providers in their provision of ICT DR services;c) communities of organizations with reciprocal or mutual arrangements.
标准预览图
立即下载标准文件