To be prepared for disaster – to best ensure the continuity of business, should a disaster occur – the company should develop an IT Disaster Recovery Plan Template. The company should implement ITSD104-1 IT DISASTER RECOVERY PLAN, educating employees in their roles and responsibilities; test the Plan, to see if it will ensure rapid and full recovery; and fix flaws identified in testing, to better ensure the Plan will work when it is most needed.
The company should establish an Information Technology Disaster Recovery Planning Committee (Information Technology DRPC), composed of key personnel from each functional area within the company (HR, accounting, sales, etc.) and an Information Technology Disaster Recovery Coordinator, who should chair the Committee. The Information Technology DRPC should meet to:
The Information Technology Security Manager should test Information Technology disaster response and recovery at least once every 12 months. The Information Technology Security Manager should also test response and recovery upon any changes to the IT Disaster Recovery Plan. The Information Technology Disaster Recovery Plan should be periodically (at least once every three years) subjected to a third-party audit, to verify that the Plan is clear, sound, and continues to meet company, customer, and legal/regulatory requirements.
Format: Microsoft Word 2013 (.docx)
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Disaster Recovery Procedure ITSD104