Chapter Seven

Business Continuity and Disaster Recovery Plan

This chapter introduces the concept of business continuity and disaster recovery and its importance in an organization. It provides various checklists that the information systems auditor may use while conducting an audit to review the effectiveness of business continuity and disaster recovery plans. At the end of the chapter, we will be able to recognize various aspects of testing the business continuity and disaster recovery process that should be included in an audit plan.

BUSINESS CONTINUITY AND DISASTER RECOVERY PROCESS

The business continuity and disaster recovery process comprises distinct activities that are to be undertaken by the implementing organization. Many organizations make the common error of looking at the process as a business continuity exercise without recognizing the criticality of its independent components. This view often leads to the design and implementation of an inefficient business continuity and disaster recovery process. The business continuity and disaster recovery process usually comprises the following four components:

1. Business impact analysis
2. Incident response plan
3. Disaster recovery plan
4. Business continuity plan

BUSINESS IMPACT ANALYSIS

Business impact analysis (BIA) is the process of identifying functions that are critical for the information system as a whole or a component thereof, and assessing possible losses and adverse impact in the event such functions are ...
