Once an organisation has reviewed its risk factors, recovery objectives and technology environment in detail, it can draft a Disaster Recovery Plan (DRP).

The DRP is the formal document that details these elements and describes how the organisation would react in the case of a disruption or disaster. The plan details the recovery objectives, including the RTO and RPO, and the steps the organisation will take to minimise the effects of the disaster.

The DRP plan document should include:

Good governance recommends that the Business Continuity Plan be tested periodically. The same applies to its IT component, the Disaster Recovery Plan.

The purpose of these exercises is to validate the efficiency of the business continuity strategy, to check that the measures are viable in practice, to identify problems that were not apparent in the planning phase, to guarantee business continuity and to familiarise staff with the DRP including their roles and responsibilities (European Central Bank, “Business continuity oversight expectations for systemically important payment systems”).

EFit-partners can provides you with an external and independent expertise that will validate the relevance of these exercises, identify residual risks, and formulate recommendations for improvement.