Chapter 14: certifications
IT Framework standards
ITIL – Information Technology Infrastructure Library
ISO – International Organization for Standardization
COBIT – Control Objectives for Information and Related Technologies
CMMI – Capability Maturity Model Integration
Benefits of certification
Companies showcase their certifications to show that their plans have been tested against an independent standard
Certification builds confidence in the plan, inside and outside the company
Being certified increases the company's value to customers, partners and regulators
ITIL
The Information Technology Infrastructure Library was created by the UK government in the 1980s to bring order to its IT operations
It eventually evolved into a broad body of knowledge
Emphasis is on IT service management
ITIL certifies the individual who creates and implements the program, not the organization or its plan
ITIL – SLA
ITIL is based on service-level agreements (SLAs)
SLAs govern IT support for everyday incident resolution
SLAs are periodically analyzed
Periodic performance reports are issued to all parties
SLAs are updated based upon business needs
ITIL – Discipline Areas
Business Impact Analysis (BIA)
Continuity strategy
Specific recovery actions, a written disaster recovery plan, a proactive plan for business resilience, a testing plan and a training plan
A manager is appointed to lead the effort
The program remains active to keep the plans current
ISO
The International Organization for Standardization publishes several related standards:
ISO 22300: Societal security – Terminology
ISO 22301: Societal security – Business continuity management systems – Requirements
ISO 22313: Societal security – Business continuity management systems – Guidance
ISO 22317: Societal security – Business continuity management systems – Guidelines for business impact analysis (BIA)
ISO 22398: Societal security – Guidelines for exercises
Clause 4: Context of the organization
Clause 4 requires the company to understand the needs of all critical stakeholders
1. Review with legal advisor what is required to meet regulatory obligations
2. Ask the Board for their guidance for disaster recovery and business continuity planning
3. Review how the DR/BCP program fits with the company’s business strategies and goals
4. Talk to your customers to learn what they expect in a crisis
5. Talk to employees
Clause 5: Leadership
Examine top management involvement and whether appropriate leadership support is provided at all levels
1. Issue appropriate company policies supporting the program
2. Provide the necessary resources for the program
3. Generate company-wide support
Clause 6: Planning
Expands the DR/BCP program scope into specific objectives
A well-written objective has measurable criteria
A project plan to create the DR/BCP is drafted
Clause 7: Support
Identifies the requirements for supporting the ongoing program
Ensure that the personnel tasked with supporting the various recovery plans understand their roles and responsibilities
Ensure that the people who run the program have the proper training
Create a documented and tested plan to communicate with significant stakeholders
Clause 8: Operation
Details the basic documents of the plan
A formal Business Impact Analysis (BIA) is conducted
A risk assessment is conducted on the vital functions
Continuity strategies are developed
A prewritten plan is drafted
Clause 9: Performance evaluation
Reviews the plan's performance against expectations; Key Performance Indicators (KPIs) are identified and measured
Common KPIs are:
Length of time to prepare the recovery site
Amount of time required to recover a vital system (the recovery time actually achieved)
Amount of data lost between the disaster and the last good backup (the recovery point actually achieved)
Time required for DR/BCP team members to join the recovery effort
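These four KPIs are what practitioners usually track as site-preparation time, RTO (recovery time objective), RPO (recovery point objective) and team mobilization time, and they are measured from the timeline of a DR exercise. The script below is an added example, not part of the original slides or of ISO 22301: it takes a constructed exercise log (hypothetical timestamps and system names) and hypothetical SLA targets, computes each KPI per system, and flags every target that was missed, including the case where no backup completed before the disaster was declared, so the RPO cannot be bounded.

```python
from datetime import datetime

# Constructed DR exercise log: (ISO-8601 timestamp, event kind, subject).
# Timestamps, systems and names are hypothetical, not taken from any real exercise.
EXERCISE_LOG = [
    ("2024-03-10T01:30:00", "backup_completed", "erp"),
    ("2024-03-10T03:05:00", "disaster_declared", "-"),
    ("2024-03-10T03:20:00", "team_joined", "alice"),
    ("2024-03-10T03:30:00", "backup_completed", "mail"),   # after declaration: unusable
    ("2024-03-10T03:50:00", "team_joined", "bob"),
    ("2024-03-10T05:05:00", "recovery_site_ready", "-"),
    ("2024-03-10T06:05:00", "system_recovered", "mail"),
    ("2024-03-10T07:35:00", "system_recovered", "erp"),
]

# Hypothetical targets in hours, as they would come from the SLA / BIA.
TARGETS = {"site_prep_hours": 2.0, "rto_hours": 4.0,
           "rpo_hours": 1.0, "team_join_hours": 0.5}


def parse_log(lines):
    """Turn (ts, kind, subject) tuples into datetime-sorted events."""
    events = [(datetime.fromisoformat(ts), kind, subj) for ts, kind, subj in lines]
    return sorted(events, key=lambda e: e[0])


def hours(delta):
    return delta.total_seconds() / 3600.0


def compute_kpis(lines):
    """Compute the four Clause 9 KPIs from an exercise log."""
    events = parse_log(lines)
    declared = next(t for t, k, _ in events if k == "disaster_declared")
    site_ready = next(t for t, k, _ in events if k == "recovery_site_ready")
    kpis = {"site_prep_hours": hours(site_ready - declared),
            "team_join_hours": {}, "systems": {}}
    for t, k, who in events:
        if k == "team_joined":
            kpis["team_join_hours"][who] = hours(t - declared)
    for t, k, system in events:
        if k != "system_recovered":
            continue
        # Only backups finished before the declaration bound the data loss.
        good_backups = [bt for bt, bk, bs in events
                        if bk == "backup_completed" and bs == system and bt <= declared]
        kpis["systems"][system] = {
            "rto_hours": hours(t - declared),
            "rpo_hours": hours(declared - max(good_backups)) if good_backups else None,
        }
    return kpis


def check_targets(kpis, targets):
    """Return one line per missed target; an empty list means every KPI was met."""
    breaches = []
    if kpis["site_prep_hours"] > targets["site_prep_hours"]:
        breaches.append("site prep %.2fh > %.2fh" % (kpis["site_prep_hours"], targets["site_prep_hours"]))
    for system in sorted(kpis["systems"]):
        s = kpis["systems"][system]
        if s["rto_hours"] > targets["rto_hours"]:
            breaches.append("%s: rto %.2fh > %.2fh" % (system, s["rto_hours"], targets["rto_hours"]))
        if s["rpo_hours"] is None:
            breaches.append("%s: rpo unknown (no backup before disaster)" % system)
        elif s["rpo_hours"] > targets["rpo_hours"]:
            breaches.append("%s: rpo %.2fh > %.2fh" % (system, s["rpo_hours"], targets["rpo_hours"]))
    if kpis["team_join_hours"]:
        slowest, join = max(kpis["team_join_hours"].items(), key=lambda kv: kv[1])
        if join > targets["team_join_hours"]:
            breaches.append("team: slowest join %.2fh > %.2fh (%s)" % (join, targets["team_join_hours"], slowest))
    return breaches


if __name__ == "__main__":
    result = compute_kpis(EXERCISE_LOG)
    for line in check_targets(result, TARGETS):
        print("MISSED:", line)
```

Feeding the real exercise timeline into compute_kpis gives the evidence an auditor asks for under Clause 9; the missed-target lines are what goes into the Clause 10 improvement backlog. A system with no pre-disaster backup is deliberately reported as a breach rather than as an RPO of zero.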
Clause 10: Improvement
Implement a continuous improvement program to enhance the recovery plan
Similar to ITIL's continual improvement process
Apply Lean / Six Sigma quality improvement approaches
Certifying your plan
The ISO 22301 standard is the basis for certifying an organization's DR/BCP program.
Certification is based on an examination of the program by an accredited ISO auditor
ISO audits can be expensive
Other actions:
Start a formal project to prepare for the audit
Standardize the DR/BCP documentation format
Document any findings from your internal audit
Fully inform the auditor of the program's scope
COBIT
Control Objectives for Information and Related Technologies (COBIT)
Provided by the Information Systems Audit and Control Association (ISACA)
Originally designed for auditing data systems; evolved to include a set of controls and processes for governing and managing IT systems
ISACA provides training and support for COBIT
CMMI
Capability Maturity Model Integration (CMMI)
Developed at Carnegie Mellon University (Software Engineering Institute) to improve the software development process
Expanded to provide a process improvement model for all aspects of an organization
Maturity is rated through appraisals by third-party evaluators
Summary
Building a DR/BCP is a lot of work
Published standards assemble best practices into one document against which your program can be compared
Find the right standard for your business