| Readiness Audit |
: |
The
determination whether the resources for business recovery
are currently available. |
| Reciprocal Agreement |
: |
A
mutual aid agreement between two departments, divisions,
or agencies wherein each agrees to provide backup data
processing support to the other in the event of a disaster.
These require a substantial degree of hardware and software
compatibility between the supporting and supported partners.
The supporting partners must have the excess capacity
to accommodate the sending partner’s most critical
applications. These agreements are seldom successful
and many auditors to not recognize them as viable disaster
recovery strategies. |
| Record Retention |
: |
Storing
historical documentation for a set period of time, usually
mandated by state and federal law or the Internal Revenue
Service. |
| Recovery Action
Plan |
: |
The
comprehensive set of documented tasks to be carried
out during recovery operations.
|
| Recovery Alternative |
: |
The
method selected to recover the critical business functions
following a disaster. In data processing, some possible
alternatives would be manual
processing, use of service bureaus, or a backup site
(hot or cold site). A recovery alternative is usually
selected following either a risk analysis, business
impact analysis, or both. |
| Recovery Capability |
: |
This
defines all of the components necessary to perform recovery.
These components can include a plan, an alternate site,
change control process,
network rerouting and others. |
| Recovery Management
Team |
: |
A
group of individuals responsible for directing the development
and ongoing maintenance of a disaster recovery plan.
Also responsible for declaring a disaster and providing
direction during the recovery process. |
| Recovery Planning
Team |
: |
A
group of individuals appointed to oversee the development
and implementation of a disaster recovery plan. |
| Recovery Point
Objective (RPO) |
: |
The
point in time to which data must be restored in order
to resume processing transactions. RPO is the basis
on which a data projection
strategy is developed. |
| Recovery Strategy |
: |
The
method selected by an organization to recover its critical
business functions following a disaster. Possible strategies
for recovering from an event which degrades or halts
scheduled data processing services delivery are:
1. Revert to manual procedures.
2. Temporarily suspend data processing operations
to effect
recovery on-site.
3. Contract with a service to provide essential data
processing
operations from that location.
4. Transfer essential data files and applications
from off-site
storage to a hot-site facility
and begin processing from the hot
site.
|
| Recovery Time |
: |
The
period from the disaster declaration to the recovery
of the critical functions. |
| Redundancy |
: |
Providing
two or more resources to support a single function or
activity with the intention that if one resource fails
or is interrupted, an alternate resource will immediately
begin to perform the function. |
| Remote Access |
: |
The
ability to use a computer system, generally a mainframe,
from a remote location, generally by common phone lines. |
| Remote Journaling |
: |
The
process of recording the product of a computer application
in a distant data storage environment, concurrently
with the normal recording of the product in the local
environment. May be periodic or continuous. |
| Restoration |
: |
The
act of returning a piece of equipment or some other
resource, to operational status. Commercial service
companies provide a restoration service with staff skilled
in restoring sensitive equipment or large facilities. |
| Resumption |
: |
The
process of planning for and/or implementing the recovery
of critical business operations immediately following
an interruption or disaster. |
| Risk |
: |
The
potential for harm or loss. The chance that an undesirable
event will occur. |
| Risk Analysis/Assessment |
: |
The
process of identifying and minimizing the exposures
to certain threats which a organization may experience. |
| Qualitative Risk
Analysis |
: |
The
relative measure of risk or asset value by using subjective
terms such as low, medium, high, 1-10, not important,
very important, etc. |
| Quantitative
Risk Analysis |
: |
Using
objective statistical data to measure risk, asset value
and probability of loss. |
| Risk Management |
: |
The
discipline which ensures that an organization does not
assume an unacceptable level of risk. |
