Mark Pitt, a fellow IT Pro member, contacted me last week and let me know that he enjoyed the IT Pro site. Thanks, Mark, for the encouragement! Mark works for an organization called the Information Security and Business Continuity Academy (IS & BCA), which studies business and security standards. Specifically, they show companies how to implement ISO standards, which are critical to business continuity and security.
Mark sent me a useful link to a summary of a standard called ISO 22301, the latest effort to outline procedures and practices that are designed to make sure businesses, well, stay in business in spite of various disasters. The new ISO 22301 standard replaces the older BS 25999-2 standard. The new standard includes new terms and procedures designed to help businesses plan for various eventualities. According to the link Mark sent me, the summary compares the new ISO 22301 standard to the older standard. New terms found in ISO 22301 include:
- Disruptive incident
- Maximum acceptable outage
- Minimum business continuity objective
- Maximum data loss
I wanted to share this link with you, because it explain the significant changes that ISO has made. Like most people, I've found ISO-based discussions to be, well, really arcane. But trust me: If your job has anything to do with any type of server or important IT-related service, this standard is relevant to you. I mean it. Your work will be impacted by this new standard, even if you don't quite realize it. Let me put it another way: You're already using ISO stuff, though few workers quite realize that they are.
Let me tell you a story about how, well, difficult ISO standards can be to read and understand, at least at first. Years ago, I wanted to purchase an ISO standard to help me create a security course. Back then, trying to purchase a standard from the ISO Web site practically required learning some sort of ritualistic, pan-European handshake. You should have seen the hoops I had to jump through just to get a copy of the document. Just obtaining the document was a painful process. And, I have to say, reading through one of these documents was about as bad as reading a bad Victorian novel: Long, dry, and full of all sorts of (seemingly) irrelevant information.
But slowly, I realized that ISO standards contribute many important things to us. First of all, they codify important procedures. They also give everyone - IT workers, managers and vendors alike - a common language to use. So, I strongly recommend that you familiarize yourself with the summary Mark provided. While I doubt that quoting from an ISO standard will gain you many friends in the IT world, understanding the concepts found in the document and then learning more about them will turn you into an expert. That's always worthwhile.
gla republican candidates mike martz hokies quadrantid norv turner jerry angelo
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.