[gloworange]WARNING: This is not directly related to security. Thank you for your attention.[/gloworange]

Hello all-

I am talking with some of our database services people and finding out that they do not have an active DRP/BCP. They have instead recovery procedures, that in conjunction with working with the sa group and applications will work for them in a disaster event. However, this is not sitting well with me (e.g., like who knows about these recovery procedures?, who do you call in the event of a disaster? when was the last time these procedures were tested?, how do you know if you recovery procedures worked - where's the evidence?), and I was wondering what other computer people thought about this stance from our database people.

Having done my Master's thesis on DRP/BCP in relation to ROI or ITROI, I think they have the blinders on, eyelids taped and heading down the path of destruction.

Thoughts?

TIA.