GB/T 37046-2018 English PDFUS$999.00 · In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 37046-2018: Information security techniques -- Assessment criteria for disaster recovery service capability Status: Valid
Basic dataStandard ID: GB/T 37046-2018 (GB/T37046-2018)Description (Translated English): Information security techniques -- Assessment criteria for disaster recovery service capability Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 50,569 Date of Issue: 2018-12-28 Date of Implementation: 2019-07-01 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 37046-2018: Information security techniques -- Assessment criteria for disaster recovery service capability---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security techniques--Assessment criteria for disaster recovery service capability ICS 35.040 L80 National Standards of People's Republic of China Information security technology Disaster Recovery Service Capability Assessment Criteria Published on.2018-12-28 2019-07-01 implementation State market supervision and administration China National Standardization Administration issued ContentForeword III Introduction IV 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 3 5 Disaster Recovery Service Capability Maturity Model Overview 3 5.1 Disaster Recovery Service Lifecycle Overview 3 5.2 Disaster Recovery Service Capability Component 4 5.3 Disaster Recovery Service Capability Maturity Model 5 6 Disaster Recovery Service Capability Element 6 6.1 Disaster Recovery Service Resource Configuration 6 6.1.1 Disaster Recovery Service Site Resource Allocation Capability 6 6.1.2 Disaster Recovery System Resource Configuration Capability 7 6.1.3 Disaster Recovery Service Team Capabilities 7 6.2 Disaster Recovery Service Process 7 6.2.1 Overview of the Disaster Recovery Service Process 7 6.2.2 PA01---Disaster Recovery Needs Analysis 7 6.2.3 PA02---Disaster Recovery Resource Acquisition 8 6.2.4 PA03---Disaster Backup Center Selection and Construction 10 6.2.5 PA04---Disaster Backup System Technical Planning and Implementation 11 6.2.6 PA05---Disaster Backup System Operation and Maintenance and Technical Support 13 6.2.7 PA06---Development and Management of Disaster Recovery Plan 13 6.2.8 PA07---Emergency response and disaster takeover 15 6.2.9 PA08---Disaster Recovery Capability Assessment 16 6.3 Disaster Recovery Service Project Process and Organization Process 17 6.3.1 Disaster Recovery Services Project Process and Organizational Process Overview 17 6.3.2 PA09---Quality Assurance 17 6.3.3 PA10---Management Configuration 19 6.3.4 PA11---Manage project risk 20 6.3.5 PA12---Project Planning 21 6.3.6 PA13---Project Monitoring 22 6.3.7 PA14---Management System Engineering Support Environment 23 6.3.8 PA15---Skills and Knowledge Improvement 24 6.3.9 PA16---Coordination with suppliers 25 7 Disaster Recovery Service Process Capability Level Definition 26 7.1 Overview of Disaster Recovery Service Process Capabilities 26 7.2 Ability Level 1 - Basic Executive Level 27 7.2.1 Basic Executive Level Overview 27 7.2.2 Public Features 1.1 - Perform Basic Implementation 27 7.3 Capacity Level 2 - Planning and Tracking Level 27 7.3.1 Planning and Tracking Level Overview 27 7.3.2 Public Characteristics 2.1---Planning Execution 28 7.3.3 Public characteristics 2.2---Standardized implementation 29 7.3.4 Common Features 2.3---Verification Execution 30 7.3.5 Common Features 2.4---Tracking Execution 30 7.4 Ability Level 3 - Full Definition Level 31 7.4.1 Full Definition Level Overview 31 7.4.2 Public characteristics 3.1---Definition of standard procedures 31 7.4.3 Common Features 3.2---Execute the defined process 32 7.4.4 Public Features 3.3---Coordination Implementation 33 7.5 Capability Level 4 - Quantization Control Level 34 7.5.1 Quantitative Control Level Overview 34 7.5.2 Public characteristics 4.1--- Establish measurable quality objectives 34 7.5.3 Public characteristics 4.2--- Objectively manage execution 35 7.6 Ability Level 5 - Continuous Improvement Level 35 7.6.1 Continuous Improvement Level Overview 35 7.6.2 Public characteristics 5.1 - Improve organizational capabilities 35 7.6.3 Public characteristics 5.2---Improve process effectiveness 36 8 Disaster Recovery Service Capability Assessment 37 8.1 Overview 37 8.2 Disaster Recovery Service Capability Assessment 37 8.3 Applicability of the appendix to this standard 38 Appendix A (informative) Disaster Recovery Level and Tool and Equipment Reference Table 40 Appendix B (Normative) Disaster Recovery Service and Process Area Correspondence Table 42 Appendix C (Normative) Mapping of Disaster Recovery Capability Levels and Capabilities Elements Table 43ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying these patents. This standard is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This standard was drafted. China Information Security Evaluation Center, China Cyber Security Review Technology and Certification Center, China Electronic Technology Standard Research Institute, Wanguo Data Service Co., Ltd., CLP Great Wall Internet System Application Co., Ltd., Beijing Huasheng Tiancheng Technology Co., Ltd. Beijing Taiji Huaqing Information System Co., Ltd., Guofurui Data System Co., Ltd., Tsinghua University, Civil Aviation University of China, Shanghai Information Security Engineering Technology Research Center. The main drafters of this standard. Sun Mingliang, Li Bin, Wei Hua, Wang Wei, Liu Zuikang, Zhang Xiaofei, Zhang Jian, Wei Liru, Cheng Yuqi, Xu Yuna, Wang Huili, Guan Jiyu, Yan Jinghua, Liu Yang, Yan Cheng, An Xinya, Li Jie, Wei Gangyi, Liu Wei, Lei Wei, Ye Xiaojun, Lu Li, Wang Tao, Wu Yong.IntroductionThis standard refers to and draws on GB/T 30271-2013 "Information Security Technology Information Security Service Capability Assessment Guidelines", GB/T 20988-2007 "Information Security Technology Information System Disaster Recovery Specification", GB/T 20261-2006 "Information Technology System Security Full Engineering Capability Maturity Model, ISO /IEC 21827.2008 "Information Technology Security Technology System Security Engineering Capability Maturity Model The relevant content and ideas of the type S (SSE-CMM) are combined with practical experience at home and abroad. The content of this standard is a detailed refinement of the information system disaster recovery service capability assessment under the framework of GB/T 30271-2013. An assessment framework for the service capabilities of the Information Systems Disaster Recovery Organization. Mainly to explain the disaster recovery service organized by the disaster recovery service Method and model for assessing capabilities, and methods and characterization of the assessment of service capabilities of disaster recovery services. See GB/T 36957-2018. This standard is in the process of developing disaster recovery service process for the disaster recovery service organization. The information system disaster recovery technology process in GB/T 20988-2007 is mainly for the service capability of the disaster recovery service organization. The framework of the assessment method, model, and grading; GB/T 36957-2018 mainly describes the disaster recovery organization when doing disaster recovery services. Specific requirements; GB/T 20988-2007 is an explanation of the information system disaster recovery service process, and for information system disaster recovery The core of the elaboration of the capability is the information system; this standard is used in conjunction with GB/T 36957-2018. Information security technology Disaster Recovery Service Capability Assessment Criteria1 ScopeThis standard specifies the basic principles that information system disaster recovery services should follow, and clarifies the information system disaster recovery service organization service. The evaluation mechanism of the ability. This standard applies to the demand side, provider and evaluator of the information system disaster recovery service.2 Normative referencesThe following documents are indispensable for the application of this document. For dated references, only dated versions apply to this article. Pieces. For undated references, the latest edition (including all amendments) applies to this document. GB/T 20988-2007 Information Security Technology Information System Disaster Recovery Specification GB/T 25069-2010 Information Security Technology Terminology GB/T 29246-2017 Information technology security technology information security management system overview and vocabulary GB/T 30271-2013 Information Security Technology Information Security Service Capability Assessment Criteria GB/T 36957-2018 Information Security Technology Disaster Recovery Service Requirements ISO /IEC 21827.2008 Information Technology Security Technology System Security Engineering Capability Maturity Model(Informationtech- nology-Securitytechniques-SystemsSecurityEngineering-Capability Maturity Model)(SSE- CMM)3 Terms and definitionsGB/T 25069-2010, GB/T 20988-2007, GB/T 30271-2013, GB/T 29246-2017, The following terms and definitions as defined in GB/T 36957-2018 and ISO /IEC 21827.2008 apply to this document. In order to facilitate Used, the following repeatedly lists some terms in GB/T 36957-2018, GB/T 29246-2017 and GB/T 30271-2013 and definition. 3.1 Disaster recovery service disasterrecoveryservices In order to restore an information system from a fault or paralysis caused by a disaster to a functioning state and to support the business functions it supports Activities such as analysis, design, implementation, operation, maintenance, and organization management that are carried out from an abnormal state caused by a disaster to an acceptable state Process. [GB/T 36957-2018, definition 3.2] 3.2 Disaster recovery service provider providerofdisasterrecoveryservices An organization or department that has a professional disaster recovery service team and resources and can provide disaster recovery services, referred to as service providers. [GB/T 36957-2018, definition 3.4] ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 37046-2018_English be delivered?Answer: Upon your order, we will start to translate GB/T 37046-2018_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 37046-2018_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 37046-2018_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
