R&M Data Center Handbook

Recommendations

Info

www.datacenter.rdm.com IT Governance IT Risk Management IT Compliance In 2010, a scientifically established definition, validated by GRC experts, of Integrated Governance, Risk and Compliance Management was published (Racz et al. 2010): “GRC is a holistic approach that ensures an organization acts ethically and in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people, to improve efficiency and effectiveness.” Governance Governance is corporate management by defined guidelines. These guidelines include the definition of corporate goals, the planning of the necessary resources to accomplish them and the methods applied to implement them. Risk Management Risk management is the set of processes by which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. Possible responses include early recognition, controlling, avoiding, and damage control. Compliance Compliance means conforming to internal and external standards in the flow and processing of information. Requirements include parameters from standardization drafts, data access regulations and their legal bases. The relevance of these three areas in terms of IT systems will be discussed in the following sections. 2.3.1. IT Governance IT governance refers to the corporate structuring, controlling and monitoring of the IT systems and IT processes in a company. Its objective is to dovetail IT processes with corporate strategy; it is closely linked to overall corporate governance. The main components of IT governance are: • Strategic Alignment: continuously aligning IT processes and structures with strategic enterprise objectives • Resources Management: responsible and sustainable use of IT resources • Risk Management: identification, evaluation and management of IT-related risks • Performance Measurement: measuring the performance of IT processes and services • Value Delivery: monitoring and evaluating IT contributions The implementation of IT governance is supported by powerful, internationally recognized procedures. These include: • Control model – focus financial reporting: COSO (Committee of Sponsoring Organizations of the Treadway Commission) • Corporate governance in information technology: ISO/IEC 38500:2008 • Control model for IT management: Cobit (Control Objectives for Information and Related Technology) • Implementation of IT service management: ISO 20000, ITIL (Information Technology Infrastructure Library) • Information security: ISO/IEC 27002 and basic IT protection catalogs R&M Data Center Handbook V2.0 © 08/2011 Reichle & De-Massari AG Page 27 of 156
www.datacenter.rdm.com 2.3.2. IT Risk Management IT risk management helps to ensure an organization’s strategic objectives are not jeopardized by IT failure. The term risk refers to any negative deviation from planned values – whereas chance refers to any positive deviation. Reasons to implement an IT risk management system: • Legal aspect o • Economic aspects o o o o • Operational aspects o Careful management (see SOX, KonTraG, RRG) Providing fundamental support by reducing errors and failures in IT systems Negotiating advantage with potential customers by enhancing their trust in the ability to supply Advantage in rating assessment of banks for credit approval Premium advantages with insurance policies (e.g. fire and business interruption insurance) Wide range of applications and saving options There are four classic risk response strategies: • Avoidance • Mitigation • Transfer • Acceptance IT risks can be categorized as follows: • Organizational risks • Legal and economic risks • Infrastructural risks • Application and process-related risks 2.3.3. IT Compliance IT compliance means conforming to current IT-related requirements, i.e. laws, regulations, strategies and contracts. Compliance requirements typically include information security, availability, data storing and data protection. IT compliance mainly affects stock corporations and limited liability companies (Ltd.) since in these companies CEOs and management can be held personally liable for compliance with legal regulations. Non-observance may result in civil and criminal proceedings. The Federal Data Protection Act in Germany specifies a custodial sentence of up to two years or a fine in the event of infringement. Frequently, there are standards and good practice guidelines to comply with, generally by contractual agreement with customers or competitors. The core task basically involves documentation and the resulting adaptation of IT resources as well as the analysis and evaluation of potential problems and hazards (see also risk analysis). IT resources refer to hardware, software, IT infrastructures (buildings, networks), services (e.g. web services) and the roles and rights of software users. It is crucial that the implementation of compliance is understood to be a continuous process and not a short-term measure. 2.3.4. Standards and Regulations There are numerous bodies responsible for developing and specifying security standards and regulations worldwide. Page 28 of 156 © 08/2011 Reichle & De-Massari AG R&M Data Center Handbook V2.0
Page 1 and 2: R&M Data Center Handbook
Page 3 and 4: www.datacenter.rdm.com Table of Con
Page 5 and 6: www.datacenter.rdm.com 4. Appendix
Page 7 and 8: www.datacenter.rdm.com File Server
Page 9 and 10: www.datacenter.rdm.com Storage Arch
Page 11 and 12: www.datacenter.rdm.com • Yahoo!:
Page 13 and 14: www.datacenter.rdm.com Cabinet syst
Page 15 and 16: www.datacenter.rdm.com 1.10. Energy
Page 17 and 18: www.datacenter.rdm.com 1.12. Securi
Page 19 and 20: www.datacenter.rdm.com In general,
Page 21 and 22: www.datacenter.rdm.com 2. Planning
Page 23 and 24: www.datacenter.rdm.com Typology bas
Page 25 and 26: www.datacenter.rdm.com 2.2.2. Class
Page 27: www.datacenter.rdm.com For cabling
Page 31 and 32: www.datacenter.rdm.com • IT Basel
Page 33 and 34: www.datacenter.rdm.com Depending on
Page 35 and 36: www.datacenter.rdm.com 2.3.6. Poten
Page 37 and 38: www.datacenter.rdm.com The followin
Page 39 and 40: www.datacenter.rdm.com Moreover, th
Page 41 and 42: www.datacenter.rdm.com 2.4.3. Expec
Page 43 and 44: www.datacenter.rdm.com There are se
Page 45 and 46: www.datacenter.rdm.com 2.5. Aspects
Page 47 and 48: www.datacenter.rdm.com 3. Data Cent
Page 49 and 50: www.datacenter.rdm.com ENI: Externa
Page 51 and 52: www.datacenter.rdm.com 3.1.4. TIA-9
Page 53 and 54: www.datacenter.rdm.com Individual a
Page 55 and 56: www.datacenter.rdm.com 3.3. Network
Page 57 and 58: www.datacenter.rdm.com Aggregation
Page 59 and 60: www.datacenter.rdm.com The differen
Page 61 and 62: www.datacenter.rdm.com 3.4.2. End o
Page 63 and 64: www.datacenter.rdm.com 3.4.4. Two R
Page 65 and 66: www.datacenter.rdm.com In contrast
Page 67 and 68: www.datacenter.rdm.com 3.5. Data Ce
Page 69 and 70: www.datacenter.rdm.com In buildings
Page 71 and 72: www.datacenter.rdm.com Higher tempe
Page 73 and 74: www.datacenter.rdm.com The server c
Page 75 and 76: www.datacenter.rdm.com Tray The adv
Page 77 and 78: www.datacenter.rdm.com Fire and Lig
Page 79 and 80:
www.datacenter.rdm.com Vandalism, T
Page 81 and 82:
www.datacenter.rdm.com Server (Sing
Page 83 and 84:
www.datacenter.rdm.com The key perf
Page 85 and 86:
www.datacenter.rdm.com Storage Solu
Page 87 and 88:
www.datacenter.rdm.com Router A rou
Page 89 and 90:
www.datacenter.rdm.com A GBIC modul
Page 91 and 92:
www.datacenter.rdm.com 3.6.6. Trend
Page 93 and 94:
www.datacenter.rdm.com Classic Stru
Page 95 and 96:
www.datacenter.rdm.com 3.7.3. Trend
Page 97 and 98:
www.datacenter.rdm.com Layer 1 - Ph
Page 99 and 100:
www.datacenter.rdm.com Although the
Page 101 and 102:
www.datacenter.rdm.com All optical
Page 103 and 104:
www.datacenter.rdm.com Trend Server
Page 105 and 106:
www.datacenter.rdm.com 3.8.4. Fibre
Page 107 and 108:
www.datacenter.rdm.com The InfiniBa
Page 109 and 110:
www.datacenter.rdm.com Shortest Pat
Page 111 and 112:
www.datacenter.rdm.com 3.9.1 Coax a
Page 113 and 114:
www.datacenter.rdm.com Since old ca
Page 115 and 116:
www.datacenter.rdm.com The closenes
Page 117 and 118:
www.datacenter.rdm.com R&M’s visu
Page 119 and 120:
www.datacenter.rdm.com The followin
Page 121 and 122:
www.datacenter.rdm.com As already m
Page 123 and 124:
www.datacenter.rdm.com According to
Page 125 and 126:
www.datacenter.rdm.com Summary Desp
Page 127 and 128:
www.datacenter.rdm.com Two examinat
Page 129 and 130:
www.datacenter.rdm.com The criteria
Page 131 and 132:
www.datacenter.rdm.com Adapters The
Page 133 and 134:
www.datacenter.rdm.com Method R Met
Page 135 and 136:
www.datacenter.rdm.com Methode B Re
Page 137 and 138:
www.datacenter.rdm.com PD Operation
Page 139 and 140:
www.datacenter.rdm.com The investig
Page 141 and 142:
www.datacenter.rdm.com Thanks to th
Page 143 and 144:
www.datacenter.rdm.com The permanen
Page 145 and 146:
www.datacenter.rdm.com The intersec
Page 147 and 148:
www.datacenter.rdm.com Alien crosst
Page 149 and 150:
www.datacenter.rdm.com The Cat. 7 A
Page 151 and 152:
www.datacenter.rdm.com With the “
Page 153 and 154:
www.datacenter.rdm.com Stress condi
Page 155 and 156:
www.datacenter.rdm.com Immunity aga
Page 157 and 158:
www.datacenter.rdm.com 4. Appendix
show all

R&M Data Center Handbook

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?