CHAPTER THIRTY
Protection of the Information Technology Architecture and Assets: Disaster-Recovery Planning
FOR MANY YEARS, business continuity has been recognized as a fundamental component of management’s role in achieving good corporate governance. This has frequently been confused with the concept of computer Disaster-Recovery Planning (DRP) resulting in the responsibility of being seen as belonging to the Information Systems (IS) processing function instead of where it belongs, at the top. It is a management responsibility to ensure that an organization’s business processes that deliver value to its stakeholders will continue to function despite the occurrence of unforeseen circumstances. The Business-Continuity Plan (BCP) therefore refers to those activities intended to ensure the ongoing running of the organization during a period of disruption of normal operation Information Technology (IT). DRP refers to those activities required to minimize the disruption on the organization of a loss, short to long term, of information-processing facilities.
With the complex integration of IT as enabling and driving mechanisms for those business processes, it has become apparent that an organization’s Information Systems are a critical resource, although not the only resource required to ensure business continuity and even corporate survival. Thus the computer disaster recovery plan is a critical component of the overall business continuity plan and sufficient care is required in the ...
