crisc-d4-it-security-disaster-recovery-management

Disaster Recovery Management

isaca-crisc · framework · Gold standard

Drawn fromCRISC Review Manual · ISACA peer-reviewed case sets·Reviewed May 5, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Disaster Recovery Management

Disaster Recovery Management (DRM) is the structured discipline of planning, implementing, testing, and executing the restoration of IT systems, data, and infrastructure following a disruptive event—such as ransomware, natural disaster, hardware failure, or human error. It functions as the IT execution layer within the broader Business Continuity Management (BCM) framework, governed by two foundational metrics: Recovery Time Objective (RTO)—the maximum tolerable downtime duration before business impact becomes unacceptable—and Recovery Point Objective (RPO)—the maximum acceptable age of restored data, expressed as tolerable data loss. DRM is NOT general business continuity planning (which covers people, processes, and facilities beyond IT), NOT cybersecurity incident response (which focuses on containment and forensics rather than restoration), and NOT backup administration alone (which is one input to DRM, not the discipline itself). A complete DRM program encompasses DR strategy design, failover architecture, backup and recovery infrastructure, documented and tested procedures, trained recovery teams, and post-recovery validation workflows.

Where it stops · what it isn't

—IS: IT system and data restoration following disruptive events, governed by RTO and RPO targets
—IS: Technical failover procedures and recovery site strategies (hot, warm, and cold standby)
—IS: DR plan documentation, team role assignments, testing cadence, and audit evidence production
—IS NOT: Broader Business Continuity Management (BCM)—BCM encompasses workforce continuity, facility recovery, and supply chain; DRM is the IT execution sublayer of BCM
—IS NOT: Cybersecurity incident response (IR)—IR focuses on containment, forensics, and eradication; DRM focuses on system restoration once a safe recovery point is established
—IS NOT: Backup administration in isolation—backups are inputs to DRM, not the discipline itself
—IS NOT: IT change management, general infrastructure operations, or capacity planning

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Business Continuity Management (BCM)

REQUIRES

Business Impact Analysis (BIA)Backup and Recovery Infrastructure

RELATED TO

IT Operations ManagementCybersecurity Incident Response

ENABLES

Regulatory Compliance (HIPAA, SOX, GDPR, PCI-DSS)Organizational Resilience and Uptime SLA Achievement

GOVERNED BY

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) Targets

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.