Skip to product information
1 of 2

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

JR/T 0044-2008 English PDF (JRT0044-2008)

JR/T 0044-2008 English PDF (JRT0044-2008)

Regular price $145.00 USD
Regular price Sale price $145.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here JR/T 0044-2008 to get it for Purchase Approval, Bank TT...

JR/T 0044-2008: Management specification of information system disaster recovery for banks

This specification specifies the management requirements of information system disaster recovery for banks. This specification is applicable to the People Bank of China and banking financial institutions.
JR/T 0044-2008
JR
ICS
A11
Record No..
BANKING INDUSTRY STANDARD
OF THE PEOPLE REPUBLIC OF CHINA
Management Specification of Information
System Disaster Recovery for Banks
ISSUED ON. FEBRUARY 4, 2008
IMPLEMENTED ON. FEBRUARY 4, 2008
Issued by. The People's Bank of China
Table of Contents
Foreword??...??4
Introduction??...??5
1 Scope??...??6
2 Normative Reference??...??6
3 Terms and Definitions??...??6
4 Overview of Information System Disaster Recovery for Banks??...??11
4.1 Disaster Recovery Contents??...??11
4.2 Periodic Duty for Disaster Recovery??...??11
4.3 Inter-organization Cooperation??...??12
5 Establishment and Responsibilities of Organizational Institution...??12 5.1 Establishment of Organizational Institution??...??12
5.2 Composition and Responsibilities of Organizational institution??...??12 6 Demand Analysis of Disaster Recovery??...??14
6.1 Risk Analysis...??14
6.2 Business Impact Analysis??...??16
6.3 Determination of Disaster Recovery Demand??...??17
7 Establishment of Disaster Recovery Strategy??...??19
7.1 Cost Risk Analysis and Strategy Determination??...??19
7.2 Disaster Recovery Capability Grade??...??19
7.3 Layout of Backup Center for Disaster Recovery??...??20
7.4 Acquisition and Guarantee of Resource and Service??...??20
8 Construction of Backup Center for Disaster Recovery??...??23
8.1 Infrastructure Construction??...??23
8.2 Construction of Backup System for Disaster Recovery??...??23
8.3 Project Supervision??...??24
9 Operating Maintenance Management of Backup Center for Disaster Recovery??...??24 9.1 Management System Construction??...??24
9.2 Work Contents of Operating Maintenance??...??24
9.3 Resource Assurance of Operating Maintenance??...??25
10 Establishment, Exercise and Management of Disaster Recovery Plan??...??25 10.1 Establishment of Disaster Recovery Plan??...??25
10.2 Exercise of Disaster Recovery Plan??...??27
10.3 Management of Disaster Recovery Plan??...??29
11 Emergency Response and Disaster Recovery??...??30
11.1 Emergency Response??...??30
11.2 Disaster Recovery??...??30
11.3 Restoration and Return??...??31
12 Supervision and Management??...??32
12.1 Audit??...??32
12.2 Recording??...??32
Appendix A (Informative) Working Focuses of Emergency Response and Disaster Recovery??...??34
Appendix B (Informative) Relationship between RTO/RPO and Disaster Recovery Capability Grade??...??38
Foreword
This Standard is the description for the management specification of information system disaster recovery for banks.
This Standard was proposed by the People's Bank of China and is under the jurisdiction of National Technical Committee on Financial of Standardization Administration of China.
This Standard is approved by the People's Bank of China.
Drafting organization of this Standard. The People's Bank of China
Participating drafting organization of this Standard. Global Data Solutions Limited (Shenzhen).
Chief drafting staffs of this Standard. Wen Sili, Li Xiaofeng, Yang Hong, Guo Quanming, Cao Xuhui, Li Jian, Yuan Huiping, Wang Qi, Yu Jian, He Zheng, Liu Donghong, Gao Yong, Chen Tianqing, Kang Tanyun, Wang Zheng, Zhang Yan, Zhu Yiqiang, Zhou Heng, Wang Xiong and Liu Pengpeng.
Management Specification of Information System
Disaster Recovery for Banks
1 Scope
This specification specifies the management requirements of information system disaster recovery for banks.
This specification is applicable to the People's Bank of China and banking financial institutions (including foreign-funded banks, hereinafter referred to as "organizations") established within the territory of the People's Republic of China.
2 Normative Reference
The following normative document contains the provisions which, through reference in this text, constitute the provisions of this Standard. For dated references, the subsequent amendments (excluding corrigendum) or revisions of these publications do not apply. However, all parties who reach an agreement according to this Standard are encouraged to study whether the latest edition of the normative document is applicable. For undated references, the latest edition of the normative document applies.
GB/T 20988-2007 Information Security Technology - Disaster Recovery
Specifications for Information Systems
3 Terms and Definitions
3.1
Information system
A man-machine system that collects, processes, stores, transmits and retrieves information according to certain application objective and rule; it is consisted of computer system, network system software and hardware and their relevant equipment and facilities, application software etc.
3.2
Disaster
Emergency incidents, manually or naturally caused and last for certain time, which cause major failure and breakdown of information system, bad data damage or stop the business functions supported by information system or make the service level reach unacceptable degree.
3.3
Disaster recovery
DR
Activity and process that are designed to recover the information system from operation failure or unacceptable state caused by disaster to normal operation state and recover the business functions it supports, from abnormal state caused by disaster to acceptable state.
3.4
Disaster recovery planning
DRP
Pre-incident plan and arrangement that are prepared to avoid loss brought about by disaster, and ensure the timely recovery and continuous operation of critical business functions supported by information system after occurrence of disaster. 3.5
Regional disaster
Incident that causes severe damage to communication, electric power, traffic and other critical infrastructure or mass evacuation in its location or closely related adjacent regions and resulting in failure of maintaining the normal operation of information system. E.g., earthquake, large public health incident, terrorist attack, regional communication network failure and grid failure, etc.
3.6
Risk analysis
RA
Process that determines the risk affecting the normal operation of information system, assessing the function vital to the business operation of organizations and defining the control measures reducing the potential hazards. Risk analysis frequently involves the assessment of special incident probability.
3.7
Business impact analysis
BIA
Analyzing business functions and their relevant information system resources and assessing the impact of specific disaster on various service functions. 3.8
Critical business functions
The service or function which will significantly affect the organization operation once it is interrupted for certain time.
3.9
Production system
Information system that supports the production operation of organizations under nor...

View full details