In writing these pages, the following assumptions have been made:
- Any Disaster Recovery Plan contains the procedures for restoring IT components, telephony and information following a disruptive event.
- Information refers to electronic information e.g. application files, data within databases, data on CD, DVD or memory stick etc.
- ICT and Information Security are functions. As such, they are not necessarily managed by a single department (ICT).
- Preventative risk controls (proactive measures to reduce the likelihood of a disruptive event) are outside the scope of this document. Instead, they are fed back into the classical Risk Management model.