CHAPTER THIRTY

Protection of the Information Technology Architecture and Assets: Disaster-Recovery Planning

FOR MANY YEARS, business continuity has been recognized as a fundamental component of management’s role in achieving good corporate governance. This has frequently been confused with the concept of computer Disaster-Recovery Planning (DRP) resulting in the responsibility of being seen as belonging to the Information Systems (IS) processing function instead of where it belongs, at the top. It is a management responsibility to ensure that an organization’s business processes that deliver value to its stakeholders will continue to function despite the occurrence of unforeseen circumstances. The Business-Continuity Plan (BCP) therefore refers to those activities intended to ensure the ongoing running of the organization during a period of disruption of normal operation Information Technology (IT). DRP refers to those activities required to minimize the disruption on the organization of a loss, short to long term, of information-processing facilities.

With the complex integration of IT as enabling and driving mechanisms for those business processes, it has become apparent that an organization’s Information Systems are a critical resource, although not the only resource required to ensure business continuity and even corporate survival. Thus the computer disaster recovery plan is a critical component of the overall business continuity plan and sufficient care is required in the ...

Get Auditor's Guide to IT Auditing, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.