JR/T 0044-2008 PDF English
| Standard ID | Contents [version] | USD | Name of Chinese Standard | Status |
|---|---|---|---|---|
| JR/T 0044-2008 | English | 145 | Management specification of information system disaster recovery for banks | Valid |
JR/T 0044-2008: Management specification of information system disaster recovery for banks
This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/JRT0044-2008
JR
ICS
A11
Record No..
BANKING INDUSTRY STANDARD
Management Specification of Information
System Disaster Recovery for Banks
Issued on: FEBRUARY 4, 2008
Implemented on: FEBRUARY 4, 2008
Issued by: The People's Bank of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative Reference
3 Terms and Definitions
4 Overview of Information System Disaster Recovery for Banks
5 Establishment and Responsibilities of Organizational Institution
6 Demand Analysis of Disaster Recovery
7 Establishment of Disaster Recovery Strategy
8 Construction of Backup Center for Disaster Recovery
9 Operating Maintenance Management of Backup Center for Disaster Recovery
10 Establishment, Exercise and Management of Disaster Recovery Plan
11 Emergency Response and Disaster Recovery
12 Supervision and Management
Appendix A (Informative) Working Focuses of Emergency Response and Disaster Recovery
Appendix B (Informative) Relationship between RTO/RPO and Disaster Recovery Capability Grade
Foreword
This Standard is the description for the management specification of information
system disaster recovery for banks.
This Standard was proposed by the People's Bank of China and is under the
jurisdiction of National Technical Committee on Financial of Standardization
Administration of China.
This Standard is approved by the People's Bank of China.
Drafting organization of this Standard: The People's Bank of China
Participating drafting organization of this Standard: Global Data Solutions Limited
(Shenzhen).
Chief drafting staff of this Standard: Wen Sili, Li Xiaofeng, Yang Hong, Guo
Quanming, Cao Xuhui, Li Jian, Yuan Huiping, Wang Qi, Yu Jian, He Zheng, Liu
Donghong, Gao Yong, Chen Tianqing, Kang Tanyun, Wang Zheng, Zhang Yan, Zhu
Yiqiang, Zhou Heng, Wang Xiong and Liu Pengpeng.
1 Scope
This specification specifies the management requirements of information system
disaster recovery for banks.
This specification is applicable to the People's Bank of China and banking financial
institutions (including foreign-funded banks, hereinafter referred to as "organizations")
established within the territory of the People's Republic of China.
2 Normative Reference
The following normative document contains the provisions which, through reference in
this text, constitute the provisions of this Standard. For dated references, the
subsequent amendments (excluding corrigendum) or revisions of these publications
do not apply. However, all parties who reach an agreement according to this Standard
are encouraged to study whether the latest edition of the normative document is
applicable. For undated references, the latest edition of the normative document
applies.
GB/T 20988-2007 Information Security Technology - Disaster Recovery
Specifications for Information Systems
3 Terms and Definitions
3.1
Information system
A man-machine system that collects, processes, stores, transmits and retrieves
information according to a certain application objective and rule; it consists of
the computer system, network system software and hardware and their relevant
equipment and facilities, application software, etc.
3.2
Disaster
Emergency incidents, man-made or natural, that last for a certain time and
cause major failure or breakdown of the information system, severe data damage,
stoppage of the business functions supported by the information system, or
degradation of the service level to an unacceptable degree.
3.3
Disaster recovery
DR
Activity and process that are designed to recover the information system from
operation failure or unacceptable state caused by disaster to normal operation state
and recover the business functions it supports, from abnormal state caused by
disaster to acceptable state.
3.4
Disaster recovery planning
DRP
Pre-incident plan and arrangement that are prepared to avoid loss brought about by
disaster, and ensure the timely recovery and continuous operation of critical business
functions supported by information system after occurrence of disaster.
3.5
Regional disaster
Incident that causes severe damage to communication, electric power, traffic and
other critical infrastructure or mass evacuation in its location or closely related
adjacent regions and resulting in failure of maintaining the normal operation of
information system. E.g., earthquake, large public health incident, terrorist attack,
regional communication network failure and grid failure, etc.
4 Overview of Information System Disaster Recovery for Banks
4.1 Disaster Recovery Contents
Disaster recovery mainly includes the following contents.
4.2 Periodic Duty for Disaster Recovery
4.2.1 Demand analysis
Demand analysis for disaster recovery mainly includes risk analysis and business
impact analysis.
4.2.2 Strategy preparation
The organization shall comprehensively plan the information system disaster recovery
and prepare the uniform disaster recovery strategy. Disaster recovery strategic
planning of three or more years shall meet the requirements of the minimum disaster
recovery capability grade as described in 7.2.2 of this specification. The temporary
disaster recovery strategy within three years may be reduced by one disaster
recovery capability grade, or partial system may be reduced by one disaster recovery
capability grade.
4.3 Inter-organization Cooperation
The organization shall strengthen the coordination, contact, mutual cooperation and
experience sharing with other organizations with business closely related to it to jointly
assess the risk confronted and collaboratively prepare disaster recovery strategy to
improve the overall risk prevention and disaster recovery capability of banks.
5 Establishment and Responsibilities of Organizational Institution
5.1 Establishment of Organizational Institution
The organization shall establish organizational institution of disaster recovery in
combination with specific conditions and define job responsibilities. The
organizational institution of disaster recovery of organization shall be exactly
described in disaster recovery plan.
6 Demand Analysis of Disaster Recovery
6.1 Risk Analysis
6.1.1 Determination of risk analysis objective
The organization shall make clear the risk analysis objective and comprehensively
identify the disaster risk threat and vulnerability of information system according to the
strategic objective of long-term sustainable development and information
construction.
6.1.3 Risk analysis method
6.2 Business Impact Analysis
6.2.1 Business function analysis
The criticality of business function is determined through business function analysis;
the analysis contents mainly include.
6.3.2 Determination of minimum recovery requirements
The minimum requirements of information system disaster recovery objective are
determined according to the time sensitivity of information system.
6.3.3 Determination of recovery priority
The recovery priority of information system is determined by taking comprehensive
consideration of intersystem dependence according to the business function analysis
and business interruption impact analysis.
6.3.4 Determination of relevant resources
The organization shall determine seven aspects of resource elements required for
disaster recovery.
7 Establishment of Disaster Recovery Strategy
7.1 Cost Risk Analysis and Strategy Determination
The disaster recovery strategy of each critical business function is determined
according to the Cost Risk Balance Principle; different disaster recovery strategy may
be adopted for different business function. Disaster recovery strategy is the planning,
method and measure established by the organization for reaching the disaster
recovery objective. The disaster recovery strategy mainly includes.
7.2 Disaster Recovery Capability Grade
7.2.1 Determination of disaster recovery capability grade
The organization shall determine the disaster recovery capability grade of information
system according to the RTO and RPO requirements of information system, see
Appendix B.
7.2.2 Minimum requirements of disaster recovery capability grade
The information system shall reach the following disaster recovery capability grade at
minimum according to the disaster recovery demand grade.
7.4 Acquisition and Guarantee of Resource and Service
7.4.1 Resource acquisition
7.4.3 Outsourcing management
The organization shall strengthen the disaster recovery service outsourcing
management, sign security, confidentiality and service level protocols with service
outsourcing provider, make clear the responsibilities and legal liabilities of service
outsourcing provider, regularly verify the service level and capability of service
outsourcing provider, and guarantee the security controllability of service outsourcing
and the service quality through adopting various management and control measures.
For the system involving state secret information, the organization shall follow the
relevant policies, laws and regulations of the state to carefully choose the service
outsourcing provider from the angle of guaranteeing national information security.
The service outsourcing provider for disaster recovery shall comply with the relevant
service qualification requirements of the state and industry, and shall at least meet the
following requirements.
8 Construction of Backup Center for Disaster Recovery
8.1 Infrastructure Construction
The infrastructure construction of backup center for disaster recovery includes the
construction of computer room and auxiliary facilities. The site selection, planning,
design, construction and acceptance of backup center for disaster recovery shall
comply with the requirements of relevant standards and specifications of the state and
financial industry. The availability of computer room shall at least reach 99.9%.
8.2 Construction of Backup System for Disaster Recovery
through technology and business tests.
8.3 Project Supervision
The organization may entrust professional third party supervision organization to carry
out effective supervision and management on the project implementation of backup
center for disaster recovery to ensure the project progress, quality and the completion
of fund management objective.
9 Operating Maintenance Management of Backup Center for Disaster Recovery
9.1 Management System Construction
In order to ensure the effectiveness of backup center for disaster recovery, perfect
operating maintenance management system and operation regulation shall be
established, and post responsibilities shall be defined. The main contents are as
follows.
9.2 Work Contents of Operating Maintenance
9.2.1 Infrastructure
The infrastructure shall be maintained regularly to ensure the availability of work
facilities (electricity, communication, computer room environment, security monitoring
facilities, etc.), auxiliary facilities and living facilities of backup center for disaster
recovery.
9.2.4 Backup network system
The backup network system shall be inspected and maintained regularly, including the
data network, storage network, voice communication system, etc.
Patches, updates and changes made to the production system shall be applied to
the backup network system in a timely manner.
9.3 Resource Assurance of Operating Maintenance
The backup center for disaster recovery shall be provided with a certain quantity of
personnel with professional quality of disaster recovery and necessary work and living
facilities; sufficient operation and maintenance fund input shall be guaranteed to
ensure the normal operation of backup center for disaster recovery.
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.