DR planning is something businesses can no longer afford to overlook. Thus, working with the right disaster recovery standards should steer you on the path to compliance. Many jurisdictions have regulations mandating this for particular industries. They could face legal penalties and fines if an emergency occurs and the specific business does not have a disaster recovery plan or a business contingency plan.
Attaining compliance through business continuity and disaster recovery appertains three actions—having the proper standards, reviewing the plans against these standards, and updating the plans to comply with them.
One can think of this process as an audit; disaster recovery standards represent the controls to which the plans conform. Provided that the plans align appropriately with the standards regarding an organisation’s policy and infrastructure, compliance is most likely applicable.
Setting the proper standards
In the case of most companies, the standards for business continuity and DR below reveal all the necessary information to determine compliance:
For business continuity (BC), you may use these standards,
- MS1970:2007, BCM Framework – Department of Standards, Malaysia
- ISO 22301:2019 – Business Continuity Management (BCM)
Additional business continuity standards are available for specific vertical markets, such as banks, investment banks and credit unions.
For disaster recovery (DR), use
- ISO/IEC 27031:2011, Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity;
- U.S. standard NIST SP 800-34, Contingency Planning Guide for Federal Information Systems.
Similar to business continuity, disaster recovery standards are also available for vertical markets.
Reviewing plans against standards
Now, you may begin by comparing the table of contents for each standard against those in your plans. Since the standards serve as a framework and guide to developing BC/DR plans, ensure that you can identify content that addresses issues in the standards or complete missing sections in your plans.
If you are missing content for these specific sections, which are known as gaps, you should list them down for subsequent action. You must also read the glossaries that fall under each standard to understand better the terms employed.
Once you’ve mapped out your plans to the available standards, inspect them for further developments. Do you currently have a BC/DR training program in place? If the answer is no, you can note this intent in the pertinent section.
Auditors tend to seek supporting evidence of these programs’ existence, so you want to work towards developing them eventually.
Read More: Cloud Audit: The Importance of Regular Backup and Security Audit
Updating plans to comply with DR standards
After conducting a gap analysis, you can then update your plans to remedy the identified gaps. Look for wording in the standards that you can perhaps adapt for your purposes or refer to this article for plan development.
Lastly, from a content perspective, confirm that your plans are consistent with the standards’ composition. You don’t have to map your plans to the exact sequence listed in the disaster recovery standards, but you can use them as a model considering any corporate mandates do not bind you.
Aegis Cloud Disaster Recovery (CDR)
Aegis CDR, a cloud backup and disaster recovery service, is ISO 27001 Information Security Management System (ISMS) certified. Besides, Aegis CDR is the first Cloud Disaster Recovery service to be certified ISO 27001 ISMS in Malaysia. With this certification, you can rest assured that the ISO 27001 ISMS standards govern Aegis CDR’s backup and disaster recovery processes and practices. Aegis CDR protects the confidentiality, integrity and availability of backup data.
Aegis also obtained the Disaster Recovery Certified Expert (DRCE) Certification back in 2012. Our DRCE experts can guide you in IT Disaster Recovery planning if you subscribe to Aegis CDR. We are qualified to certify your IT Disaster Recovery plan by ensuring proper adherence to compliance standards. A complimentary customised IT Disaster Recovery template will also be crafted for customers who subscribe to Aegis CDR.
One of the compliance requirements for disaster recovery plans is to perform DR drills frequently. With Aegis CDR, customers can benefit from complimentary, unlimited DR drills assisted by our dedicated DR drill personnel. Aegis CDR also provides complimentary DR Seats. What are DR seats, you ask? Well, it’s essentially an office space equipped with relevant facilities to perform DR drills.
Rest assured that the entire DR drill process will be hassle-free and successful. Learn more about our extensive services bundled with unlimited DR resources and fool proof your Disaster Recovery plan before it’s too late.