Regulatory Framework for Disaster Recovery Planning for the ICT Industry



Similar documents
It also provides guidance for rapid alerting and warning to key officials and the general public of a potential or occurring emergency or disaster.

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Guidelines on Disaster Recovery Planning for the ICT Industry. Kingdom of Saudi Arabia

EMERGENCY MANAGEMENT POLICY

Workforce Solutions Business Continuity Plan May 2014

INCIDENT RESPONSE MANAGEMENT PLAN DECEMBER 2015

Emergency management in Cardiff. A practical guide

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

STATE SUPPORT FUNCTION ANNEX 2 COMMUNICATIONS

Chapter I: Fundamentals of Business Continuity Management

Niagara Region Emergency Management Plan

Consultation Paper. Communications and Information Technology Commission

Business Continuity Management. Policy Statement and Strategy

Disaster Recovery Planning Procedures and Guidelines

BUSINESS CONTINUITY PLANNING

Appendix 3 Disaster Recovery Plan

BUSINESS CONTINUITY PLAN

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

How To Write A National Radio Plan

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

SUPERVISORY AND REGULATORY GUIDELINES: PU BUSINESS CONTINUITY GUIDELINES

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES

Resolution adopted by the General Assembly. [without reference to a Main Committee (A/64/L.43 and Add.1)]

13. Lifeline utilities

EMERGENCY RESPONSE PLAN SUMMARY PRESENTATION

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

Kuala Lumpur, Malaysia, May Report

National Cyber Security Policy -2013

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

D2-02_01 Disaster Recovery in the modern EPU

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Emergency Management for Small Community Leaders. Establishing Local Emergency Priorities and Managing the Local Emergency Response

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

PBSi Business Continuity Planning

FORMULATING YOUR BUSINESS CONTINUITY PLAN

Identify and Protect Your Vital Records

Business Continuity Planning in IT

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

UNION COLLEGE INCIDENT RESPONSE PLAN

Emergency Preparedness Guidelines

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Verizon, 911 Service and the June 29, 2012, Derecho

How To Ensure That Non-Peoplesoft Applications Can Withstand Adverse Events

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

Emergency Response Plan

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

Business Continuity Management Group Policy

Why Crisis Response and Business Continuity Plans Fail

ESF 02 - Communications Annex, 2015

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

MAJOR PLANNING CONSIDERATIONS CHECKLIST

Kuwait Government Initiative for ICT Disaster Response

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Best Practices in Disaster Recovery Planning and Testing

Business Continuity Management Policy

Contingency Planning Guide

Business Continuity Management

Business Continuity Management Policy and Plan

Attachment N CPIC Vendor Resiliency Business Continuity Planning Questionnaire

Business Continuity Management

Business Continuity & Disaster Recovery

Offsite Disaster Recovery Plan

UNITED CHURCH OF CHRIST LOCAL CHURCH DISASTER PREPAREDNESS AND RESPONSE PLANNING GUIDELINES

SAMPLE IT CONTINGENCY PLAN FORMAT

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Disaster Recovery Planning

OREGON STATE UNIVERSITY MASTER EMERGENCY MANAGEMENT PLAN

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

Business Continuity & Recovery Plan Summary

SCHEDULE 25. Business Continuity

Department of Defense INSTRUCTION. Reference: (a) DoD Directive , Defense Continuity Programs (DCP), September 8, 2004January 9, 2009

Comparison of Joint Commission and Healthcare Facilities Accreditation Program (HFAP) Emergency-Related Standards for Hospitals.

ESF 12: Energy & Utilities

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

How To Manage A Disruption Event

Continuity of Operations Plan Template

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events.

Continuity of operations for critical infrastructure. Disclosure of critical information to the government.

LAW ENFORCEMENT ESF 16

UNIVERSITY OF CALIFORNIA, MERCED EMERGENCY NOTIFICATION SYSTEM (UCMAlert)

BUSINESS CONTINUITY PLAN (TEMPLATE)

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Transcription:

Regulatory Framework for Disaster Recovery Planning for the ICT Industry Kingdom of Saudi Arabia Regulatory Framework for Disaster Recovery Planning for the ICT Industry Page 1 of 6

1. INTRODUCTION 1.1 Pursuant to the provisions in the Telecommunications Act (Act) and the Telecommunications Bylaw (Bylaw) related to safeguarding the public interest and user interest, CITC has analyzed the current situation in the Kingdom of Saudi Arabia (KSA) to assess the Disaster Preparedness and Recovery planning of the Facilities Based Providers (FBPs). It is found that there is a necessity to establish comprehensive Disaster Recovery plans to ensure the continuity of essential facilities as well as to implement the provisions related to facilitating emergency communication users. 1.2 Communications infrastructure is among the first to get severely damaged in disasters, making communication very difficult or impossible. Therefore emergency communication facilities are essential. 1.3 Preparedness is critical to the Disaster Recovery (DR) in order to mitigate the adverse impact on life and property. 1.4 Development of a Regulatory Framework is required for better Disaster Preparedness and Recovery planning and ensuring that the FBPs are able to accomplish their obligations through a consistent approach and in line with international best practices. The Regulatory Framework shall cover the following important aspects of disaster planning: 1.4.1 Preparedness planning like backup power supplies, spare network capacity and redundancy in networks, to mitigate impact of potential disasters. 1.4.2 Setting up Disaster Recovery plans. 1.4.3 Enabling emergency communications during disasters, like the communications among authorities, among authorities and users, and among users themselves. 1.5 The Ministry of Communications and Information Technology (MCIT) and CITC are responsible for DR supervision and coordination in the ICT industry, to ensure best Disaster Preparedness for such cases, and support the First Level Responders (FLRs) in their DR efforts. Regulatory Framework for Disaster Recovery Planning for the ICT Industry Page 2 of 6

2. REGULATORY FRAMEWORK The Regulatory Framework establishes the roles and responsibilities of the various players - the MCIT, CITC and the FBPs - for DR in the ICT industry. 2.1 Definitions The words and expressions defined in CITC Statutes shall have the same meaning when used in this document. The following words and expressions shall have the meaning assigned to them below, unless the context says otherwise: ICT means Information and Communications Technology sector. Disaster means an emergency situation that could cause damage or lead to it, or could lead to, a business and services interruption, disruption, loss, incident or crisis that affects a significant number of people. Disaster Preparedness planning means putting in place procedures to increase resilience of the network and other infrastructure to confront any disaster and mitigate its potential impact. Disaster Recovery (DR) planning means putting in place procedures to be undertaken to restore normalcy of operations in the aftermath of disasters. This includes identifying the recovery strategies for all critical business functions, establishing recovery management organization and process, and creating recovery plans for various levels of business functions. Facilities Based Provider (FBP) means a service provider who builds, owns and operates a public telecommunication network. First Level Responders (FLRs) are those agencies that are normally immediately involved in rescue and recovery operations at the disaster site(s). The first level responders typically include civil defense, public security and healthcare providers. The final list of FLRs will be defined at a later stage in coordination with the Civil Defense. Resilience means the ability of an organization, staff, system, network, activity or process to absorb the impact of a business interruption, disruption and/or loss; and ensure continuity of basic services to the end user. ICT DR Committee: is an advisory body led by the CITC and represented by the FBPs. The ICT DR Committee shall coordinate the DR Plans of FBPs and provide the necessary recommendations to CITC on various DR related issues. Regulatory Framework for Disaster Recovery Planning for the ICT Industry Page 3 of 6

2.2 Responsibilities of the Various Players for DR Planning in the ICT Industry 2.2.1 The MCIT has the following responsibilities in accordance to Article 25 of the General Plan to implement the Civil Defense tasks: a) Ensure that the concerned parties (CITC and FBPs) are taking the necessary procedures and actions to ensure the continuous provision of telecommunication services throughout the KSA under all circumstances and conditions; devise plans, regulations and arrangements to achieve this purpose. b) Establish a regulation to take advantage of communication services to alert users of potential danger and its end, as well as to spread awareness messages to users. c) Take all the necessary procedures to protect their properties, and to intensify security guarding procedures. 2.2.2 The CITC shall undertake the following responsibilities: a) Take necessary procedures and actions to ensure the continuous provision of ICT services throughout the KSA under all circumstances and conditions; devise plans, regulations and arrangements to achieve this purpose. b) Take all the necessary procedures to protect their properties, and to intensify security guarding procedures. c) Ensure that all the FBPs, carry out their responsibilities during any disaster, and take necessary actions to ensure compliance with the responsibilities listed in this regulatory framework. d) Issue guidelines on DR planning. e) Set a timetable for the FBPs for the development, update and approval of DR plans. f) Monitor the DR plan tests of any FBP. g) Instruct any of the FBPs regarding resource sharing with other FBP(s) in all circumstances required for public safety. h) Allocate the spectrum for emergency communications equipment. Regulatory Framework for Disaster Recovery Planning for the ICT Industry Page 4 of 6

i) Coordinate with the concerned authorities to receive authorized disaster warning messages and notify these to the FBPs for immediate broadcast. 2.2.3 The ICT DR Committee shall undertake the following responsibilities: a) Establish coordination and resource sharing agreements among the FBPs for better disaster management. b) Provide recommendations to the CITC on various issues related to Disaster Recovery. c) Identify procedures to spread awareness about correct usage of telecommunication services by users during disasters. d) Coordinate with the concerned party for the support of humanitarian relief and assistance organizations. e) Coordinate with the various FLRs to facilitate the accomplishment of their DR activities. 2.2.4 Each FBP shall undertake the following responsibilities: a) Develop and update its DR plans, and submit them to CITC for approval. These DR plans shall be tested at least once every two years. b) Develop and implement procedures to improve Disaster Preparedness and notification using the guidelines issued by the CITC. The procedures implemented shall be detailed in the DR planning report to be submitted to CITC. c) Establish repair teams that can be quickly deployed in the aftermath of a disaster for rapid restoration and repair of any damaged telecommunication facilities. d) Design and implement campaign to create corporate awareness to ensure successful DR. e) Identify one representative from the Senior Management to manage and implement DR plans. This representative shall also represent the FBP in the ICT DR Committee. f) Secure all necessary facilities and installations required for DR. g) Provide an annual report on DR planning to CITC. Regulatory Framework for Disaster Recovery Planning for the ICT Industry Page 5 of 6

h) Notify CITC of any outage, and provide status updates till service is restored, in accordance to notification procedures issued by CITC in this regard. i) Broadcast authorized warning messages. j) Identify procedures to spread awareness about correct usage of telecommunications services by users during disasters. Regulatory Framework for Disaster Recovery Planning for the ICT Industry Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information