Disaster Recovery (DR)

Disaster Recovery (DR) Definition - ISO 27001 Glossary

Disaster Recovery (DR) is a set of policies, tools, and procedures that enable the recovery or continuation of vital technology infrastructure and systems following a disaster. The goal of a DR plan is to minimise the impact of a significant event on business operations, ensuring that the organisation can resume its functions and restore its data and services in a timely manner.

Key Components

  • Recovery Time Objective (RTO): The maximum tolerable length of time that a computer system, application, or service can be down after a failure or disaster.
  • Recovery Point Objective (RPO): The maximum amount of data (measured in time) that an organisation can afford to lose following an event.
  • DR Plan: A formal, documented plan that outlines the steps to take before, during, and after a disaster.

ISO 27001 Context

While Business Continuity (BC) focuses on keeping the entire organisation running during and after a disaster, Disaster Recovery (DR) is a critical subset of BC that specifically deals with the IT and technology infrastructure. ISO 27001 Annex A 5.29 Information Security During Disruption requires organisations to have a documented procedure to restore information and services following a disaster, demonstrating the importance of DR within the broader ISMS.