Disaster recovery and business continuity plan checklist

A disaster might not happen, but a business needs to prepare for every relevant disaster, in order to be able to guarandee continuity to the stakeholders, investors and customers. 

What does a business disaster recovery and business continuity plan typically includes?

A disaster plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more. When a disaster hits, for example, because a foreign USB stick was plugged into the system with ransomware, you want to be 100% confident that you can recover your data and get on with the job. On top of this, the GDPR will require you to deal with the personal data of European citizens responsibly, and therefore requires substantial changes to data protection management. Any company (regardless of geographic location) who is holding data on EU citizens will need to comply with the regulation. The penalties for non-compliance can be upward of 4% of the global turnover of the organization, and therefore be very large. The GDPR puts an obligation on companies to have an effective Disaster Recovery solution in place, which is regularly tested. 

Business Continuity Plan and the EU General Data Protection Regulation (GDPR):

This is a common question, when you are working on the improvement of your business continuity, in relationship to the way the company is storing and processing (personal data). There are several key principles of GDPR that you need to take into consideration when you are preparing your disaster recovery solution(s). For example, the following key principles of GDPR are important: transparency, data minimization, accuracy, storage limitation, integrity and confidentiality (security), and accountability. Therefore, your disaster recovery solution must be able to recover your data every time and on time. 

Some important items on a disaster recovery checklist are:

• Evidence of senior management approval and support;
• Emergency action steps to take in an incident;
• Types of incidents that could launch the BC plan have been clearly defined;
• Lists of key business processes to protect;
• Lists of critical technologies to protect;
• Lists of recovery time objectives and recovery point objectives;
• Lists of key vendors, stakeholders, regulators and other third parties;
• Step-by-step procedures for various activities;
• Procedures for obtaining emergency funds;
• Lists of vital records the company needs to operate;
• References to other activities. 

Download this Disaster recovery and business continuity plan checklist template now in order to support you improving your risk management and data security, and personalize it according to your needs. If your organization collects personal data directly from EU Citizens, or do a quick gap analysis and check out this overview of mandatory documents required by the GDPR or GDPR Document Kit. Fast, safe, and easy!