BIZOPS-5 Disaster Recovery Plan

What is this control about?

Any organization is prone to unforeseen events. Remaining resilient during such events requires some organization and preparation. In writing a disaster recovery plan (DRP) document, the exercise of “what if” scenarios must be contemplated, and resolution solutions must be anticipated and documented.

There are many methodologies out there, however, there are no formal requirements other than a logical step-by-step plan of resolution of any issues that an unforeseen event would cause. TrustCloud provides an out-of box policy that can be augmented to meet a company’s specific needs.

Available tools in the marketplace

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• Best practice from NIST in documenting a DRP  (National Institute of Standards and Technology)
• TrustCloud Disaster Recovery Plan template

Control implementation

Note: This control is 100% automated by TrustCloud. Upload your policy or leverage TrustCloud built-in policy to enjoy the benefit of automation.

For a manual implementation:

Document a Disaster Recovery Plan that includes:

• Business impact analysis
• Disaster recovery metrics
• Disaster recovery plan
• Recovery playbook

Review the policy at least annually.

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide the most recent updated disaster recovery procedures

Evidence example

From the suggested action above, an example is provided below.

1. Provide the disaster recovery procedures.

Disaster Recovery Template

No screenshot deemed necessary, as template provided serves as artifact example.