Security News > 2005 > September > Financial Firms Create Disaster Recovery Standards
http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104724,00.html By Lucas Mearian SEPTEMBER 19, 2005 COMPUTERWORLD Driven by a number of disasters in recent years, several financial services firms and IT vendors have joined forces to create disaster recovery and business continuity standards. The Resiliency Maturity Model Project, overseen by the New York-based Financial Services Technology Consortium, will create benchmarks and define terms for business continuity planning across all areas of a financial enterprise, said Charles Wallen, managing executive of FSTC's Business Continuity Standing Committee and the project's director. Plans to create the standards, which will also be available to companies in other industries, were announced last week by the FSTC. Wallen said recent disasters like Hurricane Katrina reaffirm the need for "strong business continuity plans and a road map for third-party providers to understand what's needed. We have to do a better job at raising the bar." Financial services companies involved in the project include CitiBank, J.P. Morgan Chase & Co., Bank of America Corp. and MasterCard International Inc. IBM, Carnegie Mellon University and Disaster Recovery Institute International are also participating. A Measure of Resiliency A MasterCard spokeswoman said her company hopes the project can help other organizations move beyond disaster recovery into organizational sustainability. "We're looking at models to measure the resiliency of an organization," she said. Wallen said the project, slated to be completed next spring, should give companies a road map to plan and measure their resiliency against a set of industry standards. Brian Finley, chief technology officer at PSSD/World Medical Inc., a $1.5 billion medical equipment supply company in Jacksonville, Fla., agreed with the need for such standards but predicted that few companies will use them to prepare for disasters. "I've seen and heard of customers that never test [disaster recovery plans]," Finley said. "Even if you create a set of standards, somebody's got to buy into those standards, and someone has to financially back the testing and documentation and the process and controls around it." PSSD is not involved in the standards project. The Resiliency Maturity Model Project is being carried out in two phases. The first, expected to be completed this month, will identify a list of disaster recovery capabilities that companies need. Pittsburgh-based Carnegie Mellon is providing the project with some maturity modeling methodologies that can identify different levels of preparedness organizations can reach. The second phase, to be completed next spring, will include benchmarks and maturity models that will let companies compare their preparedness against some 40 standard capabilities. Guillermo Kopp, an analyst at TowerGroup in Needham, Mass., said he believes the effort could lead to more business adoption of disaster recovery standards, because such frameworks can prove return on investment. "The challenge is to keep the level of attention high," he said. "These projects are not a slam-dunk. It's more of a journey." _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
News URL
http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104724,00.html