Chapter 30. Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning

For many years, business continuity has been recognized as a fundamental component of management’s role in achieving good corporate governance. This has frequently been confused with the concept of computer Disaster Recovery Planning (DRP) resulting in the responsibility of being seen as belonging to the Information Systems (IS) processing function instead of where it belongs, at the top. It is a management responsibility to ensure that an organization’s business processes that deliver value to its stakeholders will continue to function despite the occurrence of unforeseen circumstances. The Business Continuity Plan (BCP) therefore refers to those activities intended to ensure the ongoing running of the organization during a period of disruption of normal operation Information Technology (IT). DRP refers to those activities required to minimize the disruption on the organization of a loss, short to long term, of information processing facilities.

With the complex integration of IT as enabling and driving mechanisms for those business processes, it has become apparent that an organization’s Information Systems are a critical resource, although not the only resource required to ensure business continuity and even corporate survival. Thus the computer disaster recovery plan is a critical component of the overall business continuity plan and sufficient care is required in the production ...

Get Auditor’s Guide to Information Systems Auditing now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.