Docy Child

BIZOPS-5 Disaster Recovery Plan

Estimated reading: 2 minutes 841 views

What is this control about?

Any organization is prone to unforeseen events. Remaining resilient during such events requires some organization and preparation. In writing a disaster recovery plan (DRP) document, the exercise of “what if” scenarios must be contemplated, and resolution solutions must be anticipated and documented.

There are many methodologies out there, however, there are no formal requirements other than a logical step-by-step plan of resolution of any issues that an unforeseen event would cause. TrustCloud provides an out-of box policy that can be augmented to meet a company’s specific needs.

Available tools in the marketplace

No tools recommendation for this section

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

Control implementation

Note: This control is 100% automated by TrustCloud. Upload your policy or leverage TrustCloud built-in policy to enjoy the benefit of automation.

For a manual implementation:

Document a Disaster Recovery Plan that includes:

  • Business impact analysis
  • Disaster recovery metrics
  • Disaster recovery plan
  • Recovery playbook

Review the policy at least annually.

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

  • Provide the most recent updated disaster recovery procedures

Evidence example

From the suggested action above, an example is provided below.

  1. Provide the disaster recovery procedures.

Disaster Recovery Template

No screenshot deemed necessary, as template provided serves as artifact example.

Join the conversation

Twitter Facebook LinkedIn

❤️  Joyfully crafted by a 100% distributed team.