Purpose
The purpose of this document is to define the plan and detailed guidelines to tackle and minimize the impact on the business, systems, and customers during any kind of disastrous situation.
Note: Disaster recovery is a subset of the Business Continuity Plan (BCP).
Scope
The scope of this disaster recovery policy is all information technology systems, software, databases, applications, and network resources needed by the Event Hub to conduct its business.
This document encompasses all kinds of situations that could possibly occur as part of any disaster or crisis management situation. These include, but are not limited to:
Epidemic/pandemic
Earthquake
Fire
Flood
Cyberattack
Sabotage (insider or external threat)
Hurricane or major storm
Power outage
Water outage (supply interruption, contamination)
Telecoms outage
IT outage
Terrorism/Piracy
War/civil disorder
Theft (insider or external threat, vital information or material)
Random failure of mission-critical systems
Single point dependency
Supplier failure
Data corruption
Misconfiguration
Terms and Definitions
N/A
Policy
Event Hub should develop comprehensive disaster recovery plans in accordance with good disaster recovery management practices as defined by the disaster recovery standard, ISO/IEC 27031:2011.
Technology disaster recovery activities shall be performed as part of the Event Hub's business continuity management system (BCMS), which administers and manages the technology disaster recovery program. The program includes:
Planning and design of technology disaster recovery activities, which include technology disaster recovery plans.
Identification of DR teams, defining their roles and responsibilities, and ensuring they are properly trained and prepared to respond to an incident.
Scheduling of updates to DR business impact analyses.
Scheduling of updates to DR risk assessments.
Planning and delivery of awareness and training activities for employees and DR team members.
Planning and design of incident response activities.
Planning and execution of DR plan exercises.
Designing and implementing a DR program/plan maintenance activity to ensure that all plans are up to date and ready for use.
Preparing for management review and auditing of DR plans.
Planning and implementation of continuous improvement activities for the DR program and plans.
A formal risk assessment (RA) and business impact analysis (BIA) shall be undertaken to determine the requirements for all DR plans; RAs and BIAs shall be updated at least annually to ensure they are in alignment with the business and its technology requirements.
Strategies for responding to specific technology incidents, as defined in the BIA and RA, shall be identified and used when developing individual DR plans.
Disaster recovery plans shall address critical technology elements, including systems, networks, databases, and data, in accordance with key business activities.
Disaster recovery plans shall be periodically tested in a suitable environment to ensure that the systems, networks, databases, and other infrastructure elements can be recovered and returned to a business as usual (BAU)/normal operations status in emergency situations, and that Event Hub management and employees understand how the plans are to be executed as well as their roles and responsibilities.
All employees must be made aware of the disaster recovery program and plans and their own roles and responsibilities during an incident.
Technology disaster recovery plans and other documents are to be kept up to date and will reflect existing and changing circumstances.