LaRon Walker
April, 2010
ABSTRACT
Any business or organization is vulnerable to the risk of a disaster occurring without warning, whether
natural, accidental, or intentional. These risks create the necessity for companies to become more
proactive in disaster recovery practices and prepare for these types of unforeseen events. These
recovery strategies are very important, as they are the backbone of the business if some type of disaster
were to occur. Failure to prepare for such an event could result in the destruction of the business.
This document will discuss some of the recommended steps to plan for a disaster, and three industry
standards that can help guide the development of an effective, efficient disaster recovery plan.
When operating any business, one must always consider the risks of natural events that could
cause the loss of valuable data, whether in paper or digital form. Some people believe having a backup
strategy alone is enough in the event a system or storage device crashes. However, they fail to include
the possibility of backups being corrupted or destroyed via a natural disaster, fire, or hacker attack. With
this in mind, the continuity of the business would be at risk if proper steps are not taken to ensure that
all information has a path to be recovered in a fast, efficient manner. This type of preparation is
Many industry standards have been developed in the last few
years to help businesses recover in the event of an unforeseen disaster. After
researching, I have found three ISO standards that, when used together, will cover all aspects of BCM,
including Business Continuity Planning (BCP) and Disaster Recovery. These ISO standards are:
ISO 24762 is the standard that focuses on disaster recovery. The theory behind this is to help
businesses define the most critical information necessary for the business to operate in the event of a
disaster, and how this information will be backed up, stored, and retrieved, whether paper or digital. In
today’s business world, it is common for companies to have onsite as well as offsite storage facilities. This
ISO 27002 is the standard that focuses on security policies that involve access, assets,
communication, and operation management and also information security. This standard applies to
ISO 22399 is the standard that focuses on defining the actual BCP. Per Barr (2008), ISO 22399
- Understand barriers, risks, and disruptions that may impede critical objectives;
- Evaluate residual risk and risk tolerance to understand outcomes of controls and mitigation strategies;
- Plan how an organization can continue to achieve its objectives should a disruptive incident occur;
- Develop incident and emergency response, continuity response and recovery response procedures;
- Promote a cultural change within the organization that recognizes that risk is inherent
The above three industry standards together along with proper testing against various disaster scenarios
Plan (BCP). These all fall under Information Security, as Information Security not only involves
controlling access to networks and data, but also the securing of data in the sense of being recoverable,
along with proper testing practices to verify the integrity of the data. Per Ulasien (2009), the
8. Train Employees
Failure to follow any of the above steps can result in a gap in the recovery process, which in turn could
cause other parts of the continuity plan to fail, ultimately destroying the business.
Continuity Management, Planning, and disaster recovery, along with network, data, and physical access
control. When considering the future of any organization, one of the most important components that
must be addressed is proactive preparation in the event of a system, data, or building disaster. This
strategy should be frequently reviewed and tested to ensure that all techniques maintain the highest
References
Barr, J. (2008). ISO Standard for Disaster Recovery. Faulkner Information Services. Retrieved April
Ledford, J. (2010). Business Continuity for Corporate Libraries. Faulkner Information Services.
Ulasien, P. (2009). Preparing a Business Continuity for Plan. Faulkner Information Services.