BS ISO/IEC 24762:2008 - Information technology. Security techniques. Guidelines for information and communications technology disaster recovery services – BSI British Standards

BS ISO/IEC 24762:2008

Information technology. Security techniques. Guidelines for information and communications technology disaster recovery services

Status: Withdrawn   Published: February 2008

*To ask about withdrawn titles, contact Customer Relations, +44 345 086 9001

BS ISO/IEC 24762 is the international standard that offers guidelines on the provision of ICT disaster recovery (ICT DR) services as part of business continuity management (BCM).

Information security management is the process by which management aims to achieve effective confidentiality, integrity and availability of information and service. When an organization implements an ISMS the risks of interruptions to business activities for any reason should always be identified. ISO/IEC 27001 and ISO/IEC 27002 include a control objective for information security aspects of business continuity management (refer to BS ISO/IEC 27002), the implementation of which will reduce those risks.

That control objective is supported by controls to be selected and implemented as part of the ISMS process. Business continuity management is an integral part of a holistic risk management process that safeguards the interests of an organization’s key stakeholders, reputation, brand and value creating activities through:

  • identifying potential threats that may cause adverse impacts on an organization’s business operations, and associated risks;
  • providing a framework for building resilience for business operations;
  • providing capabilities, facilities, processes, action task lists, etc., for effective responses to disasters and failures.

In planning for business continuity, the fallback arrangements for information processing and communication facilities become beneficial during periods of minor outages and essential for ensuring information and service availability during a disaster or failure for the (complete) recovery of activities over a period of time. Such fallback arrangements may include arrangements with third parties in the form of reciprocal agreements, or commercial subscription services.

BS ISO/IEC 24762 specifies the requirements for implementing, operating, monitoring and maintaining ICT DR services and facilities, the capabilities that outsourced ICT DR service providers should possess, and the practices they should follow.

There is also guidance on selecting a recovery site and advice on continuous service improvement.

The standard is especially suited to internal and outsourced ICT DR service providers of physical facilities and services as it describes the basic practices that ICT DR service providers should consider.

It covers the requirements that service providers should meet, recognizing that individual organizations may have additional requirements that are specific to them (which would have to be addressed in the agreements/contracts with service providers).

Examples of such organization requirements may include special encryption software and secured operation procedures, equipment, knowledgeable personnel and application documentation.

Such additional organization-specific requirements, if necessary, are generally negotiated on a case-by-case basis in detailed contract negotiations between organizations and their ICT DR service providers, and are not within the scope of this International Standard.

Contents of BS ISO/IEC 24762 include:

  • Introduction
  • Structure
  • Framework
  • Interpretation of clauses
  • Scope
  • Exclusions
  • Audience
  • Normative references
  • Terms and definitions
  • Abbreviated terms
  • ICT disaster recovery
  • Environmental stability
  • Asset management
  • Proximity of site
  • Vendor management
  • Outsourcing arrangements
  • Information security
  • Activation and deactivation of disaster recovery plan
  • Training and education
  • Testing on ICT systems
  • Business continuity planning for ICT DR service providers
  • Documentation and periodic review
  • ICT disaster recovery facilities
  • Location of recovery sites
  • Physical access controls
  • Physical facility security
  • Dedicated areas
  • Environmental controls
  • Telecommunications
  • Power supply
  • Cable management
  • Fire protection
  • Emergency operations center (EOC)
  • Restricted facilities
  • Non-recovery amenities
  • Physical facilities and support equipment life cycle
  • Testing
  • Outsourced service provider’s capability
  • Review organization disaster recovery status
  • Facilities requirements
  • Expertise
  • Logical access control
  • ICT equipment and operation readiness
  • Simultaneous recovery support
  • Levels of service
  • Types of service
  • Proximity of services
  • Subscription ratio for shared services
  • Activation of subscribed services
  • Organization testing
  • Changes in capability
  • Emergency response plan
  • Self assessment
  • Selection of recovery sites
  • Infrastructure
  • Skilled manpower and support
  • Critical mass of vendors and suppliers
  • Local service providers’ track records
  • Proactive local support
  • Continuous Improvement
  • ICT DR trends
  • Performance measurement
  • Scalability
  • Risk mitigation
  • Correspondence between ISO/IEC 27002:2005 and this International Standard
  • Bibliography

Standard Number: BS ISO/IEC 24762:2008
Title: Information technology. Security techniques. Guidelines for information and communications technology disaster recovery services
Publication Date: 29 February 2008
Withdrawn Date: 26 April 2017
Normative References (required to achieve compliance to this standard): ISO/IEC 27001:2005, ISO/IEC 27002:2005
Informative References (provided for information): ISO/IEC TR 18044:2004, ISO/IEC 20000-2:2005, ISO/IEC 20000-1:2005, SS 507:2004
International Relationships: ISO/IEC 24762:2008 Ed 1
Descriptors: Safety measures, Data processing, Data security, Information exchange, Management operations, Risk assessment, Business continuity, Business facilities, Communication technology, Data transmission, Information
Title in French: Technologies de l'information. Techniques de sécurité. Lignes directrices pour les services de secours en cas de catastrophe dans les technologies de l'information et des communications
ISBN: 978 0 580 56276 1
File Size: 650 KB
Notes: This standard is withdrawn, following the withdrawal of the International Standard by IEC

Customers who bought this product also bought

  • BS ISO/IEC 27031:2011
    Information technology. Security techniques. Guidelines for information and communication technology readiness for business continuity
  • BS ISO/IEC 27005:2011
    Information technology. Security techniques. Information security risk management
  • BS 11200:2014
    Crisis management. Guidance and good practice
  • BS EN 31010:2010
    Risk management. Risk assessment techniques