We look into policies, practices, and procedures at the organizational, information system, and personnel level:

• Risk management: BCDR specifically seeks to manage the risk associated with the outage of critical business services. It is however recommended that the BCDR risk management activities be part of a more holistic risk management program that is part of a mature information security program. In this way, the information security program can address BCDR concerns throughout the risk management life cycle.
• Policies and strategies: Policies and strategies are the outputs that you will develop that will help you ensure that your business can continue to function in the event of a disaster. These policies and strategies should address how the organization will respond to a disaster.