HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (23 Mar 2025)

JR/T 0044-2008 PDF English


Search result: JR/T 0044-2008
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
JR/T 0044-2008English145 Add to Cart 0-9 seconds. Auto-delivery. Management specification of information system disaster recovery for banks Valid


PDF Preview: JR/T 0044-2008


JR/T 0044-2008: PDF in English (JRT 0044-2008)

JR/T 0044-2008 JR ICS A11 Record No.. BANKING INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA Management Specification of Information System Disaster Recovery for Banks ISSUED ON. FEBRUARY 4, 2008 IMPLEMENTED ON. FEBRUARY 4, 2008 Issued by. The People's Bank of China Table of Contents Foreword ... 4  Introduction ... 5  1 Scope ... 6  2 Normative Reference ... 6  3 Terms and Definitions ... 6  4 Overview of Information System Disaster Recovery for Banks ... 11  4.1 Disaster Recovery Contents ... 11  4.2 Periodic Duty for Disaster Recovery ... 11  4.3 Inter-organization Cooperation ... 12  5 Establishment and Responsibilities of Organizational Institution... 12  5.1 Establishment of Organizational Institution ... 12  5.2 Composition and Responsibilities of Organizational institution ... 12  6 Demand Analysis of Disaster Recovery ... 14  6.1 Risk Analysis... 14  6.2 Business Impact Analysis ... 16  6.3 Determination of Disaster Recovery Demand ... 17  7 Establishment of Disaster Recovery Strategy ... 19  7.1 Cost Risk Analysis and Strategy Determination ... 19  7.2 Disaster Recovery Capability Grade ... 19  7.3 Layout of Backup Center for Disaster Recovery ... 20  7.4 Acquisition and Guarantee of Resource and Service ... 20  8 Construction of Backup Center for Disaster Recovery ... 23  8.1 Infrastructure Construction ... 23  8.2 Construction of Backup System for Disaster Recovery ... 23  8.3 Project Supervision ... 24  9 Operating Maintenance Management of Backup Center for Disaster Recovery ... 24  9.1 Management System Construction ... 24  9.2 Work Contents of Operating Maintenance ... 24  9.3 Resource Assurance of Operating Maintenance ... 25  10 Establishment, Exercise and Management of Disaster Recovery Plan ... 25  10.1 Establishment of Disaster Recovery Plan ... 25  10.2 Exercise of Disaster Recovery Plan ... 27  10.3 Management of Disaster Recovery Plan ... 29  11 Emergency Response and Disaster Recovery ... 30  11.1 Emergency Response ... 30  11.2 Disaster Recovery ... 30  11.3 Restoration and Return ... 31  12 Supervision and Management ... 32  12.1 Audit ... 32  12.2 Recording ... 32  Appendix A (Informative) Working Focuses of Emergency Response and Disaster Recovery ... 34  Appendix B (Informative) Relationship between RTO/RPO and Disaster Recovery Capability Grade ... 38  Foreword This Standard is the description for the management specification of information system disaster recovery for banks. This Standard was proposed by the People's Bank of China and is under the jurisdiction of National Technical Committee on Financial of Standardization Administration of China. This Standard is approved by the People's Bank of China. Drafting organization of this Standard. The People's Bank of China Participating drafting organization of this Standard. Global Data Solutions Limited (Shenzhen). Chief drafting staffs of this Standard. Wen Sili, Li Xiaofeng, Yang Hong, Guo Quanming, Cao Xuhui, Li Jian, Yuan Huiping, Wang Qi, Yu Jian, He Zheng, Liu Donghong, Gao Yong, Chen Tianqing, Kang Tanyun, Wang Zheng, Zhang Yan, Zhu Yiqiang, Zhou Heng, Wang Xiong and Liu Pengpeng. Management Specification of Information System Disaster Recovery for Banks 1 Scope This specification specifies the management requirements of information system disaster recovery for banks. This specification is applicable to the People's Bank of China and banking financial institutions (including foreign-funded banks, hereinafter referred to as "organizations") established within the territory of the People's Republic of China. 2 Normative Reference The following normative document contains the provisions which, through reference in this text, constitute the provisions of this Standard. For dated references, the subsequent amendments (excluding corrigendum) or revisions of these publications do not apply. However, all parties who reach an agreement according to this Standard are encouraged to study whether the latest edition of the normative document is applicable. For undated references, the latest edition of the normative document applies. GB/T 20988-2007 Information Security Technology - Disaster Recovery Specifications for Information Systems 3 Terms and Definitions 3.1 Information system A man-machine system that collects, processes, stores, transmits and retrieves information according to certain application objective and rule; it is consisted of computer system, network system software and hardware and their relevant equipment and facilities, application software etc. 3.2 Disaster Emergency incidents, manually or naturally caused and last for certain time, which cause major failure and breakdown of information system, bad data damage or stop the business functions supported by information system or make the service level reach unacceptable degree. 3.3 Disaster recovery DR Activity and process that are designed to recover the information system from operation failure or unacceptable state caused by disaster to normal operation state and recover the business functions it supports, from abnormal state caused by disaster to acceptable state. 3.4 Disaster recovery planning DRP Pre-incident plan and arrangement that are prepared to avoid loss brought about by disaster, and ensure the timely recovery and continuous operation of critical business functions supported by information system after occurrence of disaster. 3.5 Regional disaster Incident that causes severe damage to communication, electric power, traffic and other critical infrastructure or mass evacuation in its location or closely related adjacent regions and resulting in failure of maintaining the normal operation of information system. E.g., earthquake, large public health incident, terrorist attack, regional communication network failure and grid failure, etc. 3.6 Risk analysis RA Process that determines the risk affecting the normal operation of information system, assessing the function vital to the business operation of organizations and defining the control measures reducing the potential hazards. Risk analysis frequently involves the assessment of special incident probability. 3.7 Business impact analysis BIA Analyzing business functions and their relevant information system resources and assessing the impact of specific disaster on various service functions. 3.8 Critical business functions The service or function which will significantly affect the organization operation once it is interrupted for certain time. 3.9 Production system Information system that supports the production operation of organizations under nor... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.