Risico’s van een gevirtualiseerde IT-omgeving

More documents

Recommendations

Info

Risico’s van een gevirtualiseerde IT-omgeving Possen & Ulrich----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ProcessnumberProcessControlobjectivenumberControl objectiveControl objective descriptionSLAsAccompany all exception reports with recommendations for corrective action.DS04DS04DS04Ensure continuousserviceEnsure continuousserviceEnsure continuousserviceDS4.1 IT Continuity Framework Develop a framework for IT continuity to support enterprisewide businesscontinuity management using a consistent process. The objective of theframework should be to assist in determining the required resilience of theinfrastructure and to drive the development of disaster recovery and ITcontingency plans. The framework should address the organisational structurefor continuity management, covering the roles, tasks and responsibilities ofinternal and external service providers, their management and theircustomers, and the planning processes that create the rules and structures todocument, test and execute the disaster recovery and IT contingency plans.The plan should also address items such as the identification of criticalresources, noting key dependencies, the monitoring and reporting of theavailability of critical resources, alternative processing, and the principles ofbackup and recovery.DS4.2 IT Continuity Plans Develop IT continuity plans based on the framework and designed to reducethe impact of a major disruption on key business functions and processes. Theplans should be based on risk understanding of potential business impacts andaddress requirements for resilience, alternative processing and recoverycapability of all critical IT services. They should also cover usage guidelines,roles and responsibilities, procedures, communication processes, and thetesting approach.DS4.3 Critical IT Resources Focus attention on items specified as most critical in the IT continuity plan tobuild in resilience and establish priorities in recovery situations. Avoid thedistraction of recovering less-critical items and ensure response and recoveryin line with prioritised business needs, while ensuring that costs are kept at anacceptable level and complying with regulatory and contractual requirements.Consider resilience, response and recovery requirements for different tiers,e.g., one to four hours, four to 24 hours, more than 24 hours and criticalbusiness operational periods.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Pagina 116
Risico’s van een gevirtualiseerde IT-omgeving Possen & Ulrich----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ProcessnumberDS04DS04DS04DS04DS04ProcessEnsure continuousserviceEnsure continuousserviceEnsure continuousserviceEnsure continuousserviceEnsure continuousserviceControlobjectivenumberDS4.4DS4.5Control objectiveMaintenance of the ITContinuity PlanTesting of the IT ContinuityPlanControl objective descriptionEncourage IT management to define and execute change control proceduresto ensure that the IT continuity plan is kept up to date and continually reflectsactual business requirements. Communicate changes in procedures andresponsibilities clearly and in a timely manner.Test the IT continuity plan on a regular basis to ensure that IT systems can beeffectively recovered, shortcomings are addressed and the plan remainsrelevant. This requires careful preparation, documentation, reporting of testresults and, according to the results, implementation of an action plan.Consider the extent of testing recovery of single applications to integratedtesting scenarios to end-to-end testing and integrated vendor testing.DS4.6 IT Continuity Plan Training Provide all concerned parties with regular training sessions regarding theprocedures and their roles and responsibilities in case of an incident ordisaster. Verify and enhance training according to the results of thecontingency tests.DS4.7DS4.8Distribution of the ITContinuity PlanIT Services Recovery andResumptionDetermine that a defined and managed distribution strategy exists to ensurethat plans are properly and securely distributed and available to appropriatelyauthorised interested parties when and where needed. Attention should bepaid to making the plans accessible under all disaster scenarios.Plan the actions to be taken for the period when IT is recovering andresuming services. This may include activation of backup sites, initiation ofalternative processing, customer and stakeholder communication, andresumption procedures. Ensure that the business understands IT recoverytimes and the necessary technology investments to support business recoveryand resumption needs.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Pagina 117
Page 1:
Risico’s van een gevirtualiseerde
Page 4 and 5:
Possen & UlrichRisico’s van een g
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69: Possen & UlrichRisico’s van een g
Page 84 and 85: Risico’s van een gevirtualiseerde
Page 128: Possen & UlrichRisico’s van een g
show all

Risico’s van een gevirtualiseerde IT-omgeving

Create successful ePaper yourself

Delete template?

Save as template?