During IT Continuity planning we must be well aware of all the IT components which may impact the operation of any particular service. (The collection of all such information as well as the modeling of the IT performance fall within the scope of our Enterprise Architecture service.)

We should know and understand all the operational threats related to the service which is synthesized as a result of these components and their co-operation. These threats may be identified in a risk assessment.

A good IT Continuity Plan strikes and maintains the right balance between the risk of the probability of a threat and its possible impact, and the costs of the protective measures required to be put in place to prevent such threats from happening.

There may be risks against which the company cannot or simply chooses not to implement any type of safeguard. When such threats actually occur, they are managed as disasters. The processes or set of procedures to manage disasters, or in other words to recover normal business operations are defined and described in the Disaster Recovery Plan (DRP).