Business Continuity and Disaster Recovery
This chapter covers Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) considerations for cloud computing. The first section covers the main points of BCP and DRP as they apply to all environments. These points apply whether or not the organization is utilizing cloud computing services. The second section presents options for using cloud services to augment or replace traditional disaster recovery strategies. The third section introduces the new issues to include in DRP when using cloud services. Each section includes key points for auditors to emphasize when assessing an organization's BCP and DRP posture.
Business Continuity Planning and Disaster Recovery Planning Overview
This section outlines the basic concepts of BCP and DRP. These concepts, including audit considerations, apply to all environments, whether on-premises or cloud-based.
The purpose of BCP is to enable an organization to withstand a disruptive event and continue in business. In BCP, the organization must identify its critical business deliverables—the products and services it sells—and the business processes and resources (especially people, facilities, and equipment) that enable producing these deliverables. The organization must also identify the dependencies among its critical business processes and its dependencies on business partners such as suppliers. The first point to emphasize is to think of the business ...