Should Disaster Recovery Be a Legal Requirement?

Governments often make legal requirements about things that could damage people’s health, whether in a physical, financial, or possibly other sense. Motor vehicles must be insured. Underage drinking is forbidden. Enterprises are required to meet health and safety standards for employees and visitors. Financial institutions must be certified and separate internal finances from customer accounts. With today’s dependency on IT and data, a case could be made for enforcing minimum levels of disaster recovery planning and management. After all, a systems failure could force a company to shut down, possibly causing severe hardship.

The fact that no such legislation exists today can be explained by several things:

  • The difficulty of assessing the impact of IT system downtime on employees and other stakeholders
  • The variety of DR needs between different enterprises and organisations, which makes standards harder to define
  • The difficulty of certifying that an organisation has indeed drawn up the right disaster recovery plans and is able to execute those plans in the event of a disaster

Does that mean governments are overwhelmed by the variety and complexity of disaster recovery planning? Or do they simply feel that consequences due specifically to IT system failures are not serious enough to warrant new laws, or at least that existing laws are sufficient to successfully prosecute DR offenders?

In hospital environments, for example, unsuccessful DR might be equated with failure in duty of care towards patients. A supplier IT failure causing problems to a client company might be sanctioned by class actions or lawsuits. However, if an organisation does not understand the nature of and requirements for DR, it may be doomed to fail in terms of finance, employee wellbeing, or other critical areas, where each failure could have been prevented through effective DR.

With DR the linchpin for so many other parts of a company’s operations, it starts to assume the same fundamental importance as health and safety, which is already regulated. What do you think – Are you in favour of legislation on DR?
