Although often referred to as disaster recovery plans, controls to ensure service continuity should address the entire range of potential disruptions. These may include relatively minor interruptions, such as temporary power failures, as well as major disasters, such as fires or natural disasters that would require reestablishing operations at a remote location, and may also include errors, such as writing over a critical file. If controls are inadequate, even relatively minor interruptions can result in data lost or incorrectly processed data — which could cause financial losses, expensive recovery efforts, and inaccurate or incomplete information. For some operations, such as those involving health care or safety, system interruptions could also result in injuries or loss of life.
“View Part I of the Auditing Business Continuity and Disaster Recovery series here“