ABSTRACT
This chapter examines some of the factors involved in setting up a credible, useful, and maintainable business continuity program. It outlines the responsibilities of information systems security personnel and information systems auditors in the Business continuity planning process. The chapter also examines the aspects of crisis development, risk management, information gathering, and plan preparation. Business continuity planning has received more attention and emphasis in the past year than it has probably had cumulatively during the past several decades. This is an opportune time for organizations to leverage this attention into adequate resourcing, proper preparation, and workable business continuity plans. Business continuity plans are a form of insurance for an organization — and, like insurance, we all hope that we never have to rely on them. How-ever, proper preparation and training will provide the organization with a plan that should hold up and ease the pressures related to a crisis.
