Governance usually occurs at different organizational strata, with activities flowing from processes, with processes linking up to systems, and programs receiving objectives from the entity’s oversight committee through established reporting lines. Alternatively or simultaneously, designated technological resources may provide information directly to the entity’s oversight committee for critical programs, systems, or processes. Nevertheless, IT availability is generally accepted as an information security governance (ISG) domain. Therefore, the ISG program should provide guidelines aiding management in understanding the importance of, and promote the development of, an entity-wide BCP. Proactively, an ISG program should address business continuity and availability requirements integration during system development projects.
“View Part I of the Business Continuity and IT Availability series here“