Disaster Recovery & Business Continuity Audit Recommendations
A government
auditor has provided recommendations to government agencies after concluding
that their disaster recovery processes are not sufficient to recover and restore
critical IT systems following disruptions.
The top five recommendations were:
- Create a "collaborative disaster recovery working group" to provide advice and technical support; share learnings from the disaster recovery tests and exercises undertaken; coordinate disaster recovery requirements for resources shared between agencies; identify, develop, implement, and manage initiatives impacting multiple agencies; and coordinate funding requests to ensure certain investments and requirements are prioritised.
- Perform a gap analysis on their disaster recovery requirements and resource capabilities in order to determine the amount of investment that will be required
- Develop and test disaster recovery plans for the IT systems that support critical business functions.
- Provide advice and training to staff on specific disaster recovery systems, as well as newly developed frameworks, policies, standards, and procedures to increase awareness and adoption of those systems.
- Establish "system obsolescence management processes" in order to identify and manage systems at risk of becoming obsolete; enable strategic planning, lifecycle optimisation, and the development of long-term business cases for system lifecycle support; and provide agency executives with information that will allow them to make risk-based investment decisions.