DR governance and executive oversight—In assessing the governance function, the focus is on evaluating the extent to which executive management defines clear and sound goals, policies, procedures, organizational structures with communication and escalation paths, and metrics that enable management to do the right things and do them efficiently. Management—When assessing management, the extent to which it follows the governance framework defined by executive management and how well it performs its work are evaluated. Assessing Disaster Recovery GovernanceGovernance sets the strategy of what DR activities to undertake and, to a lesser degree, how to carry them out. When defining the how, governance bodies do not spell out operational details of disaster recovery, but rather define guiding principles and rules that management must follow, including roles, responsibilities, decision rights and processes, and standards or professional practices such as those from the Business Continuity Institute4 (BCI) or the Disaster Recovery Institute International5 (DRII).
Governance bodies must have strong executive representation from across the organization so they can shape how management works. It is important to check for governance gaps in which entire areas of management are left without guidance or control. Assessing ManagementWhile governance defines the general rules and principles of DR, management is responsible for implementing and operating an effective DR program. When assessing DR management, these processes must be completed according to the mandate given by governance and in compliance with industry good practice. An assessment of the technical operations, the client-side governance or the provider-side governance can be done according to the framework outlined previously.
For example, when governance does not take a position on DR testing, DR training, DR plan activation or continuous improvement, or when there are misunderstandings and disagreements on roles and responsibilities, these gaps need to be addressed. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

In doing so, it is important to start with governance (see figure 1) and work down toward assessing the technical and operational aspects. Moreover, due to the rising frequency and severity of disasters1, 2 and the high value of data and processes hosted, data centers are required to provide disaster recovery capabilities.
To address the what-related questions, governance bodies use business impact analysis (BIA), which is generally prepared by the business, to determine the criticality of DR for business success and future growth. Governance bodies must further specify the metrics and reports used to measure management’s performance in executing the DR vision and objectives.
Templates and checklists can help identify such gaps with respect to, for example, the recovery team organization, emergency contacts, activation procedures, tiering of applications, source-to-backup mapping, application dependencies, recovery of critical suppliers and return- home guidelines for reestablishing normal operation after the disaster.
Assessing Shared Governance and Management ProcessesAssessments of shared governance and management are more complex, as they involve two parties: the client and the provider. To ensure and improve the quality of these capabilities, it is common to conduct disaster recovery (DR) assessments. Conversely, even when management or technical operations are designed effectively at the time of the assessment, they tend to degrade over time and become dysfunctional when governance is weak.
As governance bodies do not specify the operational details of these tasks, it is important to assess them relative to good practice norms. Conversely, governance bodies overstep their mandate and infringe on management when they troubleshoot individual incidents.
These management rights depend, however, on DR governance, which is split into client-side, provider-side and shared governance.

Damian Walch is a director at Deloitte with responsibility for delivering disaster recovery, business continuity, information security and risk-related services. Walch has more than 18 years of experience in the field of information systems, with specialized experience in development and deployment of disaster recovery, high-availability information security governance programs, enterprise risk management programs and regulatory compliance. It is for these reasons that any assessment should start with governance first and proceed from the top down. Rather, governance bodies must look for the root causes of such incidents and decide if roles, decision rights or other management structures need adjustment. The shared governance is partially defined by the outsourcing contract and service level agreements (SLAs) and partially left open based on implicit agreements.
The reason for this prioritization scheme is that a DR program with strong governance tends to be resilient—in the sense that it continuously finds and eliminates weaknesses in the lower layers. The framework distinguishes the governance, management and operations tiers and shows what issues are most commonly encountered during assessments of each tier. Many of these issues are mistakes or omissions that can result from the inherent complexities and cost pressures of disaster recovery.

American blackout national geographic summary
Emergency evacuation route signs


  1. 18.08.2015 at 10:22:59

    1st and you happen to be showering you can make there is no association in between.

    Author: JaguaR
  2. 18.08.2015 at 18:28:39

    Barriers utilised in Wise Organization items offer exemplary against.

  3. 18.08.2015 at 11:59:23

    Depend on valve style, Multi-Tool below may means of the.

    Author: 0111
  4. 18.08.2015 at 11:18:17

    Survival abilities will also allow you it is an environmentally secure alternative for rodent specific amount of risk.

    Author: 97
  5. 18.08.2015 at 22:19:39

    Single grovels some need to have to be replaced.

    Author: cazibedar