ABSTRACT
The data center manager and EDP auditors should perform a business impact analysis to identify whether the organization should invest financial and human resources in developing a disaster recovery plan capability. A disaster recovery plan is defined for the purposes of the chapter as a plan of action that details the duties, responsibilities, and tasks to be undertaken by personnel in the recovery of the information processing function in the event of a disaster. If critical application and other applications links were severed during the disaster recovery period and had not been considered in the planning, it is highly likely that the recovery process is in danger of failing. The EDP auditor should collate the estimates of value for hardware, software, and data for the report to management. To ensure that management understands the need to consider investing resources in a disaster recovery plan, the data center manager and the EDP auditor need to perform a business impact analysis.
