A Disaster Recovery Plan is a business entity's way to get its IT systems or networks back on track to normal operation after an unplanned disruption. It is intended to minimize the effects of a disaster so that the entity can resume its operations.
Why do business entities need to have a Disaster Recovery Plan (DRP) in place?
Business entities need to have disaster recovery plans ready for implementation at any time to ensure that they are able to continue providing their services or products in case of any unforeseen emergency. This helps the entity overcome an IT disruption.
It is noteworthy that a Disaster Recovery Plan is a part of ISO 27001:2013 and ISO 22301:2012. However, whether or not a business entity is looking to implement ISO standards, a disaster recovery plan is a part of the big picture of the Business Continuity Plan (BCP).
Is there an instruction from any regulator to regulated entities to have a DRP?
Module 6 of the Executive Regulations of Law No. 7 of 2010 concerning the Establishment of Capital Markets Authority and Regulation of Securities Activity requires licensed persons to maintain and implement a business continuity plan, which includes the disaster recovery plan for IT systems.
What is the added value to business entities from implementing a Disaster Recovery Plan (DRP)?
- Identify, assess, and evaluate approximately all the expected disasters that the entity may face from an IT perspective.
- Develop the required procedures and controls to mitigate or transfer the expected risks.
- Protect the entity against potential threats to maintain the business continuity.
- Ensure compliance with regulatory requirements.
What are the services offered by Baker Tilly?
- Develop the Disaster Recovery Plan and/or review and enhance the existing DRP, if any.
- Design alternative sites.
- Supervise the setup of alternative sites.
- Test the effectiveness of alternative sites.