THE PENTAGON FIRE IN 1959, THE DEVASTATION CAUSED BY HURRICANE AGNES IN 1972, AND THE EQUITY FUNDING FRAUD ARE REMINDERS OF THE NECESSITY OF SECURITY PLANNING AND IMPLEMENTATION. REQUIREMENTS FOR RECOVERY INCLUDE COMPATIBLE COMPUTERS, APPLICATIONS AND KEY SYSTEM SOFTWARE, MASTER AND TRANSACTION FILES, SPECIAL FORMS, TECHNICAL KNOWLEDGE, ANCILLARY FACILITIES AND SERVICES, AND SKILLED PERSONNEL. A VITAL RECORDS PROGRAM IS ALSO RECOMMENDED. IN ADDITION TO THE CRITICAL REQUIREMENT OF DESIGNING EFFICIENT RECOVERABILITY INTO THE ORGANIZATION'S DATA PROCESSING ACTIVITIES, A NUMBER OF STEPS CAN BE TAKEN TO REDUCE THE RISK OF DISASTER AND THE COST OF RECOVERY. THESE CONSIDERATIONS INCLUDE PHYSICAL LOCATION, PHYSICAL ACCESS CONTROL, FIRE PROTECTION, MEDIA PROTECTION, COMPUTER FRAUD AND INTERNAL CONTROL. ALSO DISCUSSED ARE BACKUP CAPABILITIES, PERSONNEL, DATA PROCESSING RISK INSURANCE, AND THE ROLE OF THE AUDITOR IN IMPROVING CONTROL AND SECURITY.