BKDRPCCR.RVW 20021123 "Disaster Recovery Planning", Jon Toigo, 1996, 0-471-12175-4 %A Jon Toigo %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 1996 %G 0-471-12175-4 %I John Wiley & Sons, Inc. %O 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0471121754/robsladesinterne %P 329 p. + disk %T "Disaster Recovery Planning: For Computers and Communication Resources" The purpose of the book is stated to be a modular reference for professionals. In that regard, it succeeds, with a realistic approach, and helpful tools for the planner. Chapter one is a general introduction, with a sensible look at what disaster recovery planning (DRP) can do, and a useful section listing extra benefits of such a plan, which can be helpful in selling the idea to senior management. An overview of the planning project is given in chapter two, including an information flow diagram. The discussion stresses similarities and differences between disaster recovery planning and other types of projects. Each chapter from this point on ends with a summary of important concepts and a checklist of basic points for the project, and most contain a number of forms of benefit in gathering and analyzing information. A very detailed description of the preliminary steps for project initiation is provided in chapter three. Some of the material, such as sources of risk information, is US-centric, and the book is, understandably, not current with the latest types of risk analysis software. The itemized data collection forms in chapter four are very good, but limited attention is paid to a number of important "social" and political issues. Mention is made of the need for management buy-in, but the forms still ask dangerous questions, such as how many staff the manager can do without. Chapter five deals with risk analysis, and, while there is not much more information on the process than is contained in most such texts, there is a good analysis of the weaknesses of common approaches. Disaster prevention for facilities and infrastructures, in chapter six, has varying levels of detail, but it is generally superior to other works. Off-site storage considerations are discussed in chapter seven. Chapters eight and nine review systems and network recovery, and, while there is a good overview, the content is not up to the standard of previous material. End-user recovery, in chapter ten, looks at necessary facilities, supplies and services for personnel, an often overlooked requirement. Chapter eleven covers the presentation of the plan to management, and consists primarily of a checklist of items to include. Plan development, in chapter twelve, concentrates on the creation of detailed procedures and documentation, and possibly should have been included in some of the prior chapters. There is a vague and terse look at training in chapter thirteen. Chapter fourteen does a better job of considering testing, but is not necessarily than other works. It is disappointing that the good start to the book does not carry through to equal quality in the later chapters. However, despite gaps and some weaknesses, overall this book is possibly the best I have found on the disaster recovery and business continuity topics. copyright Robert M. Slade, 2002 BKDRPCCR.RVW 20021123