Abstract
The importance of business continuity and disaster recovery (BC/DR) plans has grown considerably in the recent years, becoming a well-established practice to achieve organization’s resiliency. There are several applicable standards, like BS 25999-1:2006, sets of guidelines and best practices in this field. BC/DR plans are typically text documents and exercising is still the main measure used to verify them. On the contrary, to the common practice we suggest to model BC/DR plans as business processes using ARIS methodology and models, which have proven successful in the Enterprise Resource Planning systems projects. This provides uniform representation of BC/DR plans that can be applied across the whole distributed organization, strengthens the efficiency of traditional manual analysis techniques like walk-throughs, helps to achieve completeness, consistency and makes possible computer simulation of BC/DR processes. Timing and dynamic behavior, resource utilization and completeness properties have been also defined. It is possible to analyze them with computer support based on proposed ARIS model of BC/DR plan.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
BSI: Standard BS 25999-1:2006. Business continuity management. Code of practice, http://www.bsi-global.com
ISO/IEC: Information technology – Service management – Part 1: Specification (ISO 20000-1), Part 2: Code of practice (ISO 20000-1). ISO/IEC (2005)
ITGI: COBIT 4.1: Control Objectives for Information and related Technology. IT Governance Institute (2007)
NFPA: NFPA 1600 – Standard on Disaster/Emergency Management and Business Continuity Programs. National Fire Protection Association (2007)
Swanson, M., et al.: Contingency Planning Guide for Information Technology Systems, Recommendations of the National Institute of Standards and Technology, pp. 800–834. NIST Special Publication (June 2002)
Snedaker, S.: Business Continuity and Disaster Recovery for IT Professionals. Elsevier, Amsterdam (2007)
Barbara, M., et al.: Effective Strategies to Ensure Business Continuity/Disaster Recovery. Dr. Mueller.Verlag
Thejendra, B.: Disaster Recovery and Business Continuity. IT Governance Ltd (2007)
Nelson, K.: Examining Factors Associated with IT Disaster Preparedness. In: Proceedings of the 39th Hawaii International Conference on System Sciences (HICSS 2006), p. 205b. IEEE, Los Alamitos (2006)
Zambon, E., et al.: A Model Supporting Business Continuity Auditing & Planning in Information Systems. In: Second International Conference on Internet Monitoring and Protection (ICIMP 2007), pp. 33–33. IEEE, Los Alamitos (2007)
Kepenach, R.: Business Continuity Plan Design. 8 Steps for Getting Started Designing a Plan. In: Second International Conference on Internet Monitoring and Protection (ICIMP 2007), p. 27. IEEE, Los Alamitos (2007)
Cloth, L., Haverkort, B.R.: Model Checking for Survivability! In: Proceedings of the Second International Conference on the Quantitative Evaluation of Systems (QEST 2005), pp. 145–154. IEEE, Los Alamitos (2005)
Hayes, P., Hammons, A.: Picking up the Pieces: Utilizing Disaster Recovery Project Management to Improve Readiness and Response. In: IEEE Industry Applications Magazine, November/December 2002, pp. 27–36. IEEE, Los Alamitos (2002)
Scheer, A.W.: ARIS – Business Process Frameworks. Springer, Heidelberg (1999)
Scheer, A.W., et al.: Business Process Automation. Springer, Heidelberg (2004)
Weske, M.: Business Process Management: Concepts, Languages, Architectures. Springer, Berlin (2007)
University of California: Disaster Prevention, Preparedness and Recovery Plan, http://palimpsest.stanford.edu/bytopic/disasters/plans/ucdaviis_disasterplan2004.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zalewski, A., Sztandera, P., Ludzia, M., Zalewski, M. (2008). Modeling and Analyzing Disaster Recovery Plans as Business Processes. In: Harrison, M.D., Sujan, MA. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2008. Lecture Notes in Computer Science, vol 5219. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87698-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-87698-4_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-87697-7
Online ISBN: 978-3-540-87698-4
eBook Packages: Computer ScienceComputer Science (R0)