Protecting corporate information from harm or loss is not an easy task. Protection must be done holistically and give the organisation the appropriate level of security at a cost that is acceptable to the business. One must plan for the unexpected and unknown, expect the worst events to happen and recover from these events is and when they occur, as though nothing even happened. Such events cannot be planned and they always seen to happen at the most inopportune times. Organisations that want until the last minute to decide on or protection plan and recovery process will suffer.