This study focuses on how to confine error recovery to the immediate environment of a failed computation (process) by restricting information flow through the system. A module called a manager that restricts the access of operations (procedures) to shared data representation is proposed. The use of descriptors to represent address variables (pointers) and procedure parameters is also proposed to restrict the amount of information available to a procedure. A linguistic mechanism to define recoverable data and inverse procedures (procedures that reverse the actions of another procedure) to undo completed actions is presented. A system data structure that defines a recovery environment to support system implemented recovery is presented.