Typically, vendor white papers are written with the ITDM or senior ITDM at a large company, in mind. [ITDM is industry jargon for "IT decision maker", since you ask.] People working at smaller companies are rather less well served, in quantity and quality. So today we focus our Reg Library selection on a couple of good papers aimed at small and medium-sized businesses.

A practical guide to disaster recovery planning

This well-known quote makes an early appearance in Double-Take Software's informative paper. Gartner's claim is highly suspect - 40 per cent in 24 hours? - but caveat aside, the risks to reputation and profit from a data disaster are self evident.

Double-Take's white paper walks you through the process to get your business continuity plan up to snuff. The underlying thesis, expressed gently, is that tape back up is insufficient for data recovery - it's too slow and things can go horribly wrong. (Double-Take specialises in data replication software). The paper explains the need for a disaster recovery plan, how to get started, how to scope the right technology for your company, and highlights pitfalls to avoid. This is a very good, non-technical read, pitched well at the target audience.

Everything you need to know about web and email security (but were afraid to ask)

MessageLabs also knows how to write a non-technical white paper, without descending into brochureware. Aimed at business managers and owners, this paper argues that many SMEs, especially those with little or no IT support, "tend to put a low priority on protecting themselves". So they are attractive targets for bad people. The authors romp through the the risks that all businesses face, give advice on risk assessment and deliver a checklist on what companies need to do to protect themselves.

The paper contains nothing that IT security professionals don't know already. But it may be a useful narrative to push at the business manager or client, the next time they squeal about the cost of implementing a proper security strategy. ®