GB/T 20988-2025 (GB/T 20988-2007) PDF English
GB/T 20988-2007: Information security technology - Disaster recovery specifications for information systems
Status: Valid
GB/T 20988: Evolution and historical versions
| Standard ID | Contents [version] | USD | [PDF] delivery | Name of Chinese Standard | Status |
| --- | --- | --- | --- | --- | --- |
| GB/T 20988-2025 | English | 1229 | 7 days | Cybersecurity technology - Disaster recovery specifications for information systems | Valid |
| GB/T 20988-2007 | English | 150 | 0-9 seconds. Auto-delivery | Information security technology - Disaster recovery specifications for information systems | Valid |
PDF Preview: GB/T 20988-2007
GB/T 20988-2007: Information security technology - Disaster recovery specifications for information systems. This is an excerpt.
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Disaster recovery specifications for information systems
Issued on: JUNE 14, 2007
Implemented on: NOVEMBER 01, 2007
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine of PRC;
Standardization Administration of PRC.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of disaster recovery
4.1 Work scope for disaster recovery
4.2 Organization of disaster recovery
4.3 Management of disaster recovery planning
4.4 External collaboration for disaster recovery
4.5 Audit and filing of disaster recovery
5 Determination of disaster recovery needs
5.1 Risk analysis
5.2 Business impact analysis
5.3 Determine disaster recovery objectives
6 Development of disaster recovery strategy
6.1 Elements for developing disaster recovery strategy
6.2 Method to obtain disaster recovery resources
6.3 Requirements for disaster recovery resources
7 Implementation of disaster recovery strategy
7.1 Implementation of technical solution for backup system for disaster recovery
7.2 Selection and construction of backup center for disaster recovery
7.3 Implementation of professional technical support capabilities
7.4 Implementation of operation, maintenance, management capabilities
7.5 Implementation of disaster recovery plan
Appendix A (Normative) Classification of disaster recovery capability grades
Appendix B (Informative) Framework of disaster recovery plan
Appendix C (Informative) Example of relationship between RTO/RPO and disaster recovery capability grade in an industry
Foreword
Appendix A of this standard is normative. Appendix B and Appendix C are
informative.
This standard was proposed by and shall be under the jurisdiction of the
National Information Security Standardization Technical Committee.
Drafting organization of this standard: China Information Security Product
Evaluation and Certification Center.
The main drafters of this standard: Wang Qi, Xiong Sihao, Zhang Li, Liu Yan,
Guo Quanming, Xu Qiang, Li Weihua, Li Jianbin, Tan Song, Liu Jianming, Liu
Zulong, Jiang Zhiqiang, Xu Qiang, Leng Biao, Liu Shanquan, Huang Wei, Yu
Jian, Liu Donghong, Shangguan Xiaoli.
1 Scope
This standard specifies the basic requirements for the disaster recovery of
information systems.
This standard applies to the planning, approval, implementation and management
of disaster recovery of information systems.
2 Normative references
The provisions in the following documents become the provisions of this Standard
through reference in this Standard. For the dated references, the subsequent
amendments (excluding corrections) or revisions do not apply to this Standard;
however, parties who reach an agreement based on this Standard are
encouraged to study if the latest versions of these documents are applicable.
For undated references, the latest edition of the referenced document applies.
GB/T 5271.8 Information technology - Vocabulary - Part 8: Security
GB/T 20984 Information security technology - Risk assessment specification
for information security
3 Terms and definitions
The terms and definitions as established in GB/T 5271.8 as well as the following
terms and definitions apply to this standard.
3.1
Backup center for disaster recovery
Alternate site
A site used to take over the primary system for data processing and support
critical business functions (3.6) after a disaster, which can provide the
backup system for disaster recovery (3.3), backup infrastructure and
technical support and operational maintenance management capabilities, or
alternate living facilities in or around the site.
3.2
Backup for disaster recovery
The process of backing up data, data processing systems, network systems,
infrastructure, professional technical support capabilities and operational
management capabilities for disaster recovery (3.9).
3.3
Backup system for disaster recovery
For the purpose of disaster recovery (3.9), an information system which
consists of a data backup system, a backup data processing system and a
backup network system.
3.4
Business continuity management
BCM
An overall management process that, in order to protect the organization’s
interests, reputation, brand and value creation activities, identifies the
threats which have potential impact on the organization and provides a
framework for establishing and organizing an effective reaction and recovery
capability. This includes the overall process of the organization’s management
for recovery or continuity when facing a disaster, as well as the training,
drills and inspections that guarantee the effectiveness of the business
continuity plan or disaster recovery plans.
4 Overview of disaster recovery
4.1 Work scope for disaster recovery
Disaster recovery of information systems includes disaster recovery planning,
daily operations of the backup center for disaster recovery, recovery and
resumption of critical business functions in the backup center for disaster
recovery, post-disaster reconstruction and return work of the primary system,
and emergency response after an incident occurs.
4.2 Organization of disaster recovery
4.2.1 Establishment of an organization
The organization that uses or manages the information systems (hereinafter
referred to as the “organization”) shall, in light of its actual conditions, establish
an organization for disaster recovery and clarify its responsibilities. Some of them
may undertake two or more responsibilities; other positions may be held by
multiple people (the replacement order shall be clarified in the disaster recovery
plan).
4.2.2 Responsibilities of the organization
4.3 Management of disaster recovery planning
The organization shall assess the risks of the disaster recovery planning
process, prepare the required resources, determine detailed tasks and
timelines, supervise and manage planning activities, track and report on the
progress of tasks, and conduct problem management and change management.
4.4 External collaboration for disaster recovery
The organization shall liaise and collaborate with relevant management,
equipment and service providers, telecommunications, power and news media,
to ensure timely notification of accurate conditions and to obtain appropriate
support in the event of a disaster.
4.5 Audit and filing of disaster recovery
The grading of disaster recovery and the formulation of disaster recovery plans
shall be audited and filed in accordance with relevant regulations.
5 Determination of disaster recovery needs
5.1 Risk analysis
The main contents of risk analysis include: identifying the asset value of the
information system, identifying the natural and man-made threats faced by the
information system, identifying the vulnerability of the information system,
analyzing the possibility of various threats and quantitatively or qualitatively
describing the possible losses, and identifying the existing risk prevention and
control measures.
5.2 Business impact analysis
5.2.1 Analyze business functions and related resource configuration
Analyze the various business functions and the correlation between various
business functions of the organization.
5.2.2 Assess the impact of interruptions
It shall use the following quantitative and/or qualitative methods, to assess the
impact of interruption of various business functions.
5.3 Determine disaster recovery objectives
Based on the results of risk analysis and business impact analysis, identify the
disaster recovery objectives, including.
6 Development of disaster recovery strategy
6.1 Elements for developing disaster recovery strategy
6.1.1 Resource elements for disaster recovery
The resources required to support disaster recovery at different grades
(hereafter referred to as “disaster recovery resources”) may be divided into the
following seven elements.
6.1.2 Principles of cost-benefit analysis
Based on the disaster recovery objective, and following the principle of
balancing the cost of disaster recovery resources with the possible loss caused
by the risk (hereinafter referred to as the “cost-risk balance principle”), determine
the disaster recovery strategy for each critical business function. Different
business functions may use different disaster recovery strategies.
6.2 Method to obtain disaster recovery resources
6.2.1 Data backup system
The data backup system may be built by the organization itself or be obtained
by renting systems from other organizations.
6.2.4 Backup infrastructure
It may select the following three methods to get the backup infrastructure.
6.2.5 Professional technical support capability
It may select the following methods to obtain professional technical support
capabilities.
6.2.7 Disaster recovery plan
It may select the following methods to establish, implement and manage the
disaster recovery plans.
6.3 Requirements for disaster recovery resources
6.3.7 Disaster recovery plan
The organization shall, based on the results of the needs analysis, according to
the principle of cost-risk balance, clarify the following aspects of the disaster
recovery plan.
7 Implementation of disaster recovery strategy
7.1 Implementation of technical solution for backup system for disaster recovery
7.1.1 Design of technical solutions
According to the disaster recovery strategy, develop the technical solution of
the corresponding disaster backup system, including a data backup system, a
backup data processing system and a backup network system. The system as
designed in the technical solution shall.
7.1.2 Verification, confirmation, system development of technical solutions
In order to ensure that the technical solution meets the requirements of the
disaster recovery strategy, the relevant departments of the organization shall
be arranged to confirm and validate the technical solutions. Record and store
the results of validation and confirmation.
7.2 Selection and construction of backup center for disaster recovery
7.2.1 Principles for site selection
When selecting or constructing a backup center for disaster recovery, it shall,
according to the results of risk analysis, avoid exposing the disaster recovery
center and the primary center to the same risks.
7.3 Implementation of professional technical support capabilities
7.5 Implementation of disaster recovery plan
7.5.1 Development of disaster recovery plan
The disaster recovery plan shall be developed in accordance with the following
principles.
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.