Disaster Recovery Plan

Why is it important to define and exercise this solution?

Once an organisation has reviewed its risk factors, recovery objectives and technology environment in detail, it can draft a Disaster Recovery Plan (DRP).

The DRP is the formal document that details these elements and describes how the organisation would react in the case of a disruption or disaster. The plan details the recovery objectives, including the RTO and RPO, and the steps the organisation will take to minimise the effects of the disaster.

The DRP plan document should include:

An overview of its main objectives.

Contact details of key personnel and the DRP team.

A step-by-step description of incident response actions.

A diagram of the entire network and recovery site.

Directions on how to reach the recovery site.

A list of software and systems that staff will use during recovery.

Communication including internal and external contacts, and a template for media relations.

A summary of insurance coverage.

Proposed actions to deal with legal issues

Why is it important to define and execute this solution?

Good governance recommends that the Business Continuity Plan be tested periodically. The same applies to its IT component, the Disaster Recovery Plan.

The purpose of these exercises is to validate the efficiency of the business continuity strategy, to check that the measures are viable in practice, to identify problems that were not apparent in the planning phase, to guarantee business continuity and to familiarise staff with the DRP including their roles and responsibilities¬†(European Central Bank, “Business continuity oversight expectations for systemically important payment systems”).

EFit-partners can provides you with an external and independent expertise that will validate the relevance of these exercises, identify residual risks, and formulate recommendations for improvement.

Interested and looking for more information?

We take some time to discuss and listen to you.