GB/T 20988-2007 English PDF (GBT20988-2007)
GB/T 20988-2007: Information security technology -- Disaster recovery specifications for information systems
GB/T 20988-2007
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Disaster recovery
specifications for information systems
ISSUED ON: JUNE 14, 2007
IMPLEMENTED ON: NOVEMBER 01, 2007
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine of PRC;
Standardization Administration of PRC.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of disaster recovery
4.1 Work scope for disaster recovery
4.2 Organization of disaster recovery
4.3 Management of disaster recovery planning
4.4 External collaboration for disaster recovery
4.5 Audit and filing of disaster recovery
5 Determination of disaster recovery needs
5.1 Risk analysis
5.2 Business impact analysis
5.3 Determine disaster recovery objectives
6 Development of disaster recovery strategy
6.1 Elements for developing disaster recovery strategy
6.2 Method to obtain disaster recovery resources
6.3 Requirements for disaster recovery resources
7 Implementation of disaster recovery strategy
7.1 Implementation of technical solution for backup system for disaster recovery
7.2 Selection and construction of backup center for disaster recovery
7.3 Implementation of professional technical support capabilities
7.4 Implementation of operation, maintenance, management capabilities
7.5 Implementation of disaster recovery plan
Appendix A (Normative) Classification of disaster recovery capability grades
Appendix B (Informative) Framework of disaster recovery plan
Appendix C (Informative) Example of relationship between RTO/RPO and disaster recovery capability grade in an industry
Information security technology - Disaster recovery
specifications for information systems
1 Scope
This standard specifies the basic requirements for the disaster recovery of
information systems.
This standard applies to the planning, approval, implementation and management
of disaster recovery of information systems.
2 Normative references
The provisions in the following documents become the provisions of this Standard
through reference in this Standard. For the dated references, the subsequent
amendments (excluding corrections) or revisions do not apply to this Standard;
however, parties who reach an agreement based on this Standard are
encouraged to study if the latest versions of these documents are applicable.
For undated references, the latest edition of the referenced document applies.
GB/T 5271.8 Information technology - Vocabulary - Part 8: security
GB/T 20984 Information security technology - Risk assessment specification
for information security
3 Terms and definitions
The terms and definitions as established in GB/T 5271.8 as well as the following
terms and definitions apply to this standard.
3.1
Backup center for disaster recovery
Alternate site
A site used to take over the primary system for data processing and support
critical business functions (3.6) after a disaster, which can provide the
backup system for disaster recovery (3.3), backup infrastructure and
technical support and operational maintenance management capabilities, or
alternate living facilities in or around the site.
Data backup strategy
The backup steps and actions determined in order to achieve data recovery and
rebuild objectives. By determining the backup time, technology, medium and
off-site storage method, it guarantees that the recovery time objectives
(3.18) and recovery point objectives (3.19) are achieved.
3.8
Disaster
A sudden event, due to human or natural causes, which causes a serious fault
or paralysis of the information system, so that the business functions
supported by the information system are suspended or the service grade
becomes unacceptable, and this state reaches a specific duration. Generally,
it will cause the information system to switch to the backup center for
disaster recovery (3.1).
3.9
Disaster recovery
The activities and processes designed to restore an information system from
a fault or paralysis state caused by a disaster (3.8) to a normal operation
state, and to restore the business functions it supports from an abnormal
state caused by a disaster to an acceptable state.
3.10
Disaster recovery plan
A document that defines the tasks, actions, data and resources required for
the disaster recovery process of an information system. It is used to guide
the relevant personnel to restore critical business functions supported by the
information system within the scheduled disaster recovery objectives.
3.11
Disaster recovery planning
DRP
The pre-planning and arrangements made to reduce the losses caused by
disasters and to ensure the timely recovery and continued operation of the
critical business functions (3.6) supported by the information system after a
disaster occurs.
3.12
Disaster recovery capability
Recovery time objective
RTO
The required time from the standstill of an information system or business
function to the point at which it must be recovered after a disaster.
3.19
Recovery point objective
RPO
The requirement for the point in time to which the system and data must be
recovered after a disaster.
3.20
Resumption
The process by which the backup center for disaster recovery (3.1) replaces
the primary center (3.15) and supports the re-operation of critical
business functions (3.6).
3.21
Return
Restoration
The process by which the information system that supports the business
operation returns from the backup center for disaster recovery (3.1) back
to the primary center (3.15).
4 Overview of disaster recovery
4.1 Work scope for disaster recovery
Disaster recovery of information systems includes disaster recovery planning,
daily operations of the backup center for disaster recovery, recovery and
resumption of critical business functions in the backup center for disaster
recovery, post-disaster reconstruction and return work of the primary system,
and emergency response after an incident occurs.
Among them, disaster recovery planning is a repeated process of continuous
improvement, which includes the following stages:
4.2.2.2 Disaster recovery plan implementation team
The primary responsibilities of the disaster recovery plan implementation team are:
- Demand analysis for disaster recovery;
- Proposing disaster recovery strategies and grades;
- Implementation of disaster recovery strategy;
- Developing a disaster recovery plan;
- Organizing tests and drills for disaster recovery plans.
4.2.2.3 Disaster recovery daily operation team
The primary responsibilities of the disaster recovery daily operation team are:
- Assisting in the implementation of the disaster recovery system;
- Daily management of the backup center for disaster recovery;
- Operation and maintenance of the backup system for disaster recovery;
- Professional technical support for disaster recovery;
- Participating in and assisting with the education, training and drills of disaster
recovery plans;
- Maintaining and managing disaster recovery plans;
- Loss control and damage assessment at the time of the emergency;
- Recovery of information systems and business functions after a disaster;