Directly, an entity’s DRP has a significant affect on the viability of IT and information security governance programs. Indirectly, IT and information security governance programs may impact stakeholder assessed entity value. Regardless of organizational formation — corporation, partnership, co-operative, or agency — management has a generally accepted duty to plan and enact strategies permitting the entity’s survival under less than idealistic conditions. Literally, adequate business continuity management (BCM) requires securing assets that offset catastrophic events. Therefore, management should ensure ‘best practices’ DRP is deployed within the IT and information security governance frameworks as well as visibly communicate commitment expectations for sustaining a sound and effective continuity program.
“View Part I of the Business Continuity and IT Availability series here“