The IT Law Wiki



Redundancy is

multiple instances of the same software, firmware, devices, and/or data configured in an active/passive or load sharing mode. Redundancy for data and logs needs to be consistent with the organization's data retention plan and continuity of operations plan.[1]
[d]uplication of system components (e.g., hard drives), information (e.g., backup tapes, archived files), or personnel intended to increase the reliability of service and/or decrease the risk of information loss.[2]


Redundancy is

[t]he existence of more than one means for accomplishing a given function. Each means of accomplishing the function need not necessarily be identical.[3]


Redundancy refers to

[a] [r]epetition of parts or subsystems to assure operation if original (primary) part or subsystem fails.[4]
additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.[5]


  1. NISTIR 7628, Vol. 1, at B-2 n.34.
  2. Practices for Securing Critical Information Assets, Glossary, at 57.
  3. Department of the Army, Supervisory Control and Data Acquisition (SCADA) Systems for Command, Control, Communications, Computer, Intelligence, Surveillance, and Reconnaissance (C4ISR) Facilities, at B-4 (Jan. 21, 2006) (full-text).
  4. Department of Defense, Glossary of Defense Acquisition Acronyms and Terms (14th ed. July 2011) (full-text).
  5. DHS Risk Lexicon, at 26.