Disaster Recovery (DR)

11/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Disaster Recovery (DR) is a set of policies, tools, and procedures that enable the recovery or continuation of vital technology infrastructure and systems following a disaster. The goal of a DR plan is to minimise the impact of a significant event on business operations, ensuring that the organisation can resume its functions and restore its data and services in a timely manner.

Key Components

  • Recovery Time Objective (RTO): The maximum tolerable length of time that a computer system, application, or service can be down after a failure or disaster.
  • Recovery Point Objective (RPO): The maximum amount of data (measured in time) that an organisation can afford to lose following an event.
  • DR Plan: A formal, documented plan that outlines the steps to take before, during, and after a disaster.

ISO 27001 Context

While Business Continuity (BC) focuses on keeping the entire organisation running during and after a disaster, Disaster Recovery (DR) is a critical subset of BC that specifically deals with the IT and technology infrastructure. ISO 27001’s Annex A.5.21 requires organisations to have a documented procedure to restore information and services following a disaster, demonstrating the importance of DR within the broader ISMS.

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business, which he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe, and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first-of-its-kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start-up and early-stage businesses.