• First Reference
  • About us
  • Contact us
  • Blog Signup 📨

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies
You are here: Home / Business / How does IT recovery planning differ from business continuity planning?

By Jeffrey Sherman, MBA, FCPA, FCA | 3 Minutes Read August 4, 2015

How does IT recovery planning differ from business continuity planning?

backuprestoreBackup and disaster planning should be evaluated as part of an organization’s overall risk management process. There are two elements to disaster planning:

  • Business continuity planning—Ensures the availability of critical business resources (including the IT processes that support them)
  • IT recovery planning—Ensures the availability of critical IT resources

In the event of a disaster, management must know:

  • Where the disaster recovery plan documents are located
  • Which employees must be contacted immediately
  • The skill sets needed to continue critical business processes
  • Which service providers and other outside agencies may be contacted to provide emergency assistance and services
  • What information needs to be imparted to customers and clients regarding changes to business processes that will be followed during the disaster recovery period

The role of IT in business continuity planning continues to grow as organizations become more dependent on automated systems and instantaneous responses in routine operations. For example, retail customers increasingly expect almost instant transaction processing, payment approval, and order fulfilment feedback. Business customers expect immediate information about inventory availability and order tracking. The success of a business is often determined by automated, IT-driven response times.
The following chart shows the relationship between business continuity planning and information technology recovery planning.

Business continuity planning Information technology recovery planning
To ensure that critical business processes can continue, or be resumed promptly, in the event of significant disruption to normal business operations To ensure that critical infor­ma­tion systems processing func­tions can continue or be resumed promptly in the event of significant disruption to normal computer operations
Responsibility Business units Service providers of computer operations and systems support
Focus Critical business process continuity and recovery Continuity and recoverability of supporting IT resources
Cost/benefit considerations Cost of providing continuity and recoverability should be commensurate with the risk of unavailability
Resources addressed
  • Space, furniture, equipment
  • People (staff)
  • Communications not covered by IT
  • Supplies
  • Support services
  • PCs, desktops, notebooks
  • Servers, centralized IT equipment
  • LAN/WAN infrastructure
  • Routers, hubs, network, etc.
Documentation required Business unit recovery plans, in as much detail as practicable IT recovery plans, in as much detail as practicable
Testing Critical business process recovery IT resource recovery

Your disaster recovery team

Disaster recovery planning (DRP) for IT processes must be driven from the top. It can be a challenge for busy employees to focus on disaster planning issues. Accordingly, the planning process must be led by IT professionals who have been given a clear mandate and the required resources by executive management. The disaster planning team (DPT) will work with employees directly involved in developing, implementing, and executing IT applications, and with other employees as required, to develop the plan.
A disaster planning team (DPT) should be established with a clear mandate regarding:

  • The team members, and their specific roles
  • Additional resources provided from each company IT site to develop that site’s disaster recovery plan (DRP)
  • Specific expected deliverables
  • The schedule for completion of each site’s DRP
  • The percentage of each DPT member’s time to be devoted to the development of the DRP to meet the required schedule, since a full-time DPT may be difficult to justify
  • What constitutes satisfactory testing of a site’s DRP

If insufficient resources are available to develop a DRP within the required schedule, the company may consider hiring contract personnel to establish the initial DRP under the direction of the company DPT leader. It may also choose to hire a professional consultant to develop the DRP with more limited involvement of the company’s IT staff.
Because a disaster can affect not only IT processes but also other critical processes, an IT disaster recovery plan must be developed as part of an overall organizational DRP. This overall plan should consider:

  • Employee and customer communications
  • Office and manufacturing space and furniture
  • Personnel accommodation (e.g., temporary housing)
  • Transportation
  • Electrical power supplies
  • Telephone systems
  • Food supply and preparation
  • Relief personnel to handle additional workloads during the recovery process

Information Technology PolicyProLearn more about IT recovery planning in Information Technology PolicyPro co-published by CPA Canada and First Reference.

  • About
  • Latest Posts
Jeffrey Sherman, MBA, FCPA, FCA
CFO at Atrium Mortgage Investment Corporation (TSX:AI)
Jeffrey is CFO of Atrium Mortgage Investment Corporation (TSX:AI), a director of several companies and has had over 20 years of executive management experience. His interests include corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Jeffrey is a popular presenter, and was an adjunct professor at York University for 15 years. He is a frequent course director and course author for many organizations, including provincial bodies of Chartered Professional Accountants across Canada.

He has written over 20 books including: Canadian Treasury Management, Canadian Risk Management, and Financial Instruments: A Guide for Financial Managers (all published by Thomson-Reuters/Carswell), as well as Finance and Accounting PolicyPro and Information Technology PolicyPro (guides to governance, procedures, and internal control), and Cash Management Toolkit for Small and Medium Businesses (all published by Chartered Professional Accountants of Canada [CPA Canada]).
Latest posts by Jeffrey Sherman, MBA, FCPA, FCA (see all)
  • How does IT recovery planning differ from business continuity planning? - August 4, 2015
  • How to manage bank accounts: the basics - July 6, 2015
  • Refresher on financial statistics and metrics - April 6, 2015

Article by Jeffrey Sherman, MBA, FCPA, FCA / Business, Information Technology, Privacy / Business continuity, business continuity planning, critical business processes, disaster planning team, disaster recovery plan, disaster recovery team, Information technology recovery planning, IT recovery planning, risk management

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Jeffrey Sherman, MBA, FCPA, FCA

Jeffrey is CFO of Atrium Mortgage Investment Corporation (TSX:AI), a director of several companies and has had over 20 years of executive management experience. His interests include corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Jeffrey is a popular presenter, and was an adjunct professor at York University for 15 years. He is a frequent course director and course author for many organizations, including provincial bodies of Chartered Professional Accountants across Canada.

He has written over 20 books including: Canadian Treasury Management, Canadian Risk Management, and Financial Instruments: A Guide for Financial Managers (all published by Thomson-Reuters/Carswell), as well as Finance and Accounting PolicyPro and Information Technology PolicyPro (guides to governance, procedures, and internal control), and Cash Management Toolkit for Small and Medium Businesses (all published by Chartered Professional Accountants of Canada [CPA Canada]).

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2023 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy