Comments on: Security Manager’s Journal: Budget ax falls on disaster recovery http://www.rothstein.com/blog/security-managers-journal-budget-ax-falls-on-disaster-recovery/ A Business Continuity Weblog Wed, 18 Aug 2010 09:58:25 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: travisk http://www.rothstein.com/blog/security-managers-journal-budget-ax-falls-on-disaster-recovery/comment-page-1/#comment-67 travisk Thu, 22 Jan 2009 14:51:46 +0000 http://www.rothstein.com/blog/?p=1876#comment-67 JF -Thanks for sharing your story. I liked the fact that your are including disaster recovery considerations as part of the project management process. I believe that's the perfect spot, however I would add to that by performing a mini-BIA and risk assessment process with the the Business process owners (BPOs) as part of the initial requirements definition part of project management process. Get the facts and let the BPOs define their business recovery requirements and justify their business continuity in their business terms. Let the BPO make the decision as to how to classify their system (tier recovery). Remember there is a cost to do DR (preparedness) and the is a cost for not (Impact and consequences). As long as the Executive Management gets the right information, then its up to them to make the right business decision. IT is just the means to an end. I would recommend an ongoing annual refresh of a company-wide BIA and Risk assessment . Once you have the base information for each business unit - they would be responsible for reviewing for updates and changes, your just administering the process. To me, its always about making the business case. Once management knows the risks its a business decision to either accept the risk or remediate the risk. My experience is that if you can make the business case, then you will get the money. Ken Travis JF -Thanks for sharing your story. I liked the fact that your are including disaster recovery considerations as part of the project management process. I believe that’s the perfect spot, however I would add to that by performing a mini-BIA and risk assessment process with the the Business process owners (BPOs) as part of the initial requirements definition part of project management process. Get the facts and let the BPOs define their business recovery requirements and justify their business continuity in their business terms. Let the BPO make the decision as to how to classify their system (tier recovery). Remember there is a cost to do DR (preparedness) and the is a cost for not (Impact and consequences). As long as the Executive Management gets the right information, then its up to them to make the right business decision. IT is just the means to an end. I would recommend an ongoing annual refresh of a company-wide BIA and Risk assessment . Once you have the base information for each business unit – they would be responsible for reviewing for updates and changes, your just administering the process. To me, its always about making the business case. Once management knows the risks its a business decision to either accept the risk or remediate the risk. My experience is that if you can make the business case, then you will get the money. Ken Travis

]]>