Question:

Question 15:

Is there a place where I can get help with writing or incorporating standards for my organization? I am looking to establish planning standards, back-up standards, etc. Is there a document that describes perhaps industry standards?


Answer 1:

For the longest time the Disaster Recovery and Business Continuity Industry was at a loss for standards and guidelines. Now we are inundated with them. There are quite a few that you should consider as the foundation for a good disaster recovery or business continuity program.

In today’s highly competitive marketplace, companies are turning to industry-recognized IT process frameworks to improve IT business alignment and drive incremental service delivery improvements. The IT Infrastructure Library, also known as ITIL, is becoming the de facto industry standard framework for providing guidance specific to IT service delivery and support processes. When you think of Business Resilience you should think of protecting the environment, preventing outages, predicting issues and events and lastly adapting the situation. These key attributes of business resilience align very closely with ITIL.

Service Delivery is the management of the IT services themselves, and involves a number of management practices to ensure that IT services are provided as agreed between the Service Provider and the Customer. Service Delivery consists of 5 disciplines. These are:

1. Service Level Management
2. Capacity Management
3. Continuity Management
4. Availability Management
5. IT Financial Management


Service Support is the practice of those disciplines that enable IT Services to be provided effectively. The 6 Service Support disciplines are:

1. Configuration Management
2. Incident Management
3. Problem Management
4. Change Management
5. Service/Help Desk
6. Release Management


CobiT is another set of guidelines for IT Controls. It has been developed as a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners.

In addition, there are many web sites and areas of public domain in which you can find good guidelines. The MOST IMPORTANT THING to consider is the following -- your company's success in implementing a business continuity and disaster recovery program is dependent upon the company culture, acceptance and current capabilities. You must use your good judgement in implementing a program and methods that will fit within the current corporate governance program and executive management situation.

Damian
Damian N. Walch, CISSP, CBCP, CISA
National Practice Executive
IBM Business Resilience and Continuity Services


The responses reflect the views of the individual EAB member, and do not necessarily reflect the views of their employers, the DRJ, or the EAB as a whole.