Disaster recovery (DR) encompasses the documented plans, procedures and technical capabilities that enable an organisation to restore critical IT systems, applications and data following a disruptive event such as a natural disaster, cyberattack, hardware failure or human error. A comprehensive DR plan defines recovery time objectives (RTOs) and recovery point objectives (RPOs) for each critical system, along with detailed runbooks, communication protocols and roles and responsibilities.
Disaster recovery is a mandatory requirement under most compliance frameworks, including ISO 27001 (Annex A.17), DORA and SOC 2. Regular testing of DR plans through tabletop exercises, failover drills and full-scale simulations is essential to ensure that recovery procedures actually work under pressure and that recovery targets can be met, providing both operational resilience and auditable evidence of preparedness.