Assessing IT disaster recovery plans

Abstract

Purpose This purpose of this paper is to assess information technology (IT) disaster recovery plans (DRPs) in publicly listed companies on Abu Dhabi securities exchange (ADX) in the United Arab Emirates. The authors assessed, among other things, DRP preparedness, documentation, employees’ preparedness and awareness and the most significant physical and logical risks that pose the most threads to drive the development of the DRP, etc. Design/methodology/approach The authors surveyed publicly listed companies on the ADX using a questionnaire adapted from past research papers as well as from audit programs published by the Information Systems Audit and Control Association. The surveys were completed through interviews with middle and senior management familiar with their firm’s IT practices. Findings The majority of the respondents reported having a DRP, and a significant number of the respondents reported that their top management were extremely committed to their DRP. Employees were generally aware of their role and the existence of the DRP. The greatest risk/threat to their organization’s IT system was logical risk followed closely by power and network connectivity loss as the second highest physical risk. The most highly ranked consequence of an IT disaster was loss of confidence in the organization. Research limitations/implications Because this paper only examined publicly listed companies on ADX, the research results may lack generality. Therefore, further research is needed in this area for determining the extent of the deployment of the DRP in the region. Practical implications Results of this paper could be used for IT DRP planning bench-marking purposes. Originality/value This paper adds value to research by investigating the current IT DRP practices by public companies listed on ADX.