GTAG — Appendix
| Organization/Governing Body | Standard | Description of Standards |
|---|---|---|
| U.S. Office of the Comptroller of the Currency (OCC). Bulletins apply to financial service functions — specifically, to IT issues | Bulletin 97-23 | Corporate Business Resumption and Contingency Planning |
| | Bulletin 2001-14 | Resilience |
| | Bulletin 2003-18 | Business Continuity Planning and Supervision of Technology Providers |
| New York Stock Exchange (NYSE) / Financial Industry Regulatory Authority (FINRA) | Joint Interagency White Paper | Published by the U.S. Securities and Exchange Commission, Office of the Comptroller of the Currency, and Board of Governors of the Federal Reserve System on Sound BCP Practices. http://www.sec.gov/news/press/studies/2006/soundpractices.pdf |
| American National Standards Institute (ANSI) | ANSI / ARMA 5 | Vital Records Program (identification, management, and recovery of business critical records) (2003). ARMA: American Records Management Association |
| American Society for Industrial Security (ASIS) | ASIS GDL BC 10 | Business Continuity Guideline: A practical approach to emergency preparedness, crisis management, and disaster recovery (2004 draft) |
| U.S. National Institute of Standards and Technology (NIST) | NIST SP 800-34,45 | Contingency Planning Guide for IT Systems (2002) |
| U.S. National Fire Protection Association (NFPA) | NFPA 1600 | Standard on Disaster / Emergency Management and Business Continuity Programs (referenced as a standard for BCP) |
9.3 BCM Capability Maturity Model
Although the following BCM Capability Maturity Model
does not correspond precisely to this GTAG, it is consistent with
both the GTAG and BC industry practices and standards. It
is provided solely as an example of one way to evaluate the
maturity of a BC program.
Source: Protiviti Inc. (www.protiviti.com). Adapted from
the “Capability Maturity Model: Guidelines for Improving
the Software Process,” Carnegie Mellon University Software
Engineering Institute, 1994.