Definition (EN)
Disaster recovery is the capability to restore and recover information systems, data, and infrastructure after a disruptive incident within defined time and service levels.
Explanation (EN)
Disaster recovery focuses on the restoration of IT and OT systems following major incidents such as cyberattacks, system failures, natural disasters, or other severe disruptions.
It supports business continuity by ensuring that critical systems and data can be recovered in line with defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
Disaster recovery includes technical measures such as backups, redundancy, failover, and recovery procedures, as well as governance aspects such as testing, documentation, and management approval.
Disaster recovery plans should be risk-based, regularly tested, and aligned with business continuity strategies and organisational priorities.
Dutch term (NL)
Disaster recovery / IT-herstel
Definition (NL)
Disaster recovery is the ability to restore information systems, data, and infrastructure after a disruptive event within defined time and service levels.
Explanation (NL)
Disaster recovery focuses on the technical restoration of IT and OT systems after serious incidents such as cyberattacks, system failures, natural disasters, or other severe disruptions.
It supports business continuity by ensuring that critical systems and data can be restored in accordance with defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
Disaster recovery comprises technical measures such as backups, redundancy, failover, and recovery procedures, supplemented by governance aspects such as testing, documentation, and management approval.
Disaster recovery plans must be risk-based, regularly tested, and aligned with business continuity strategies and organisational priorities.
Source
ISO 22301:2019 — Security and resilience — Business continuity management systems — Requirements
ISO/IEC 27031:2011 — Guidelines for information and communication technology readiness for business continuity
ISO/IEC 27001:2022 — Information security management systems — Requirements
NIST SP 800-34 Rev.1 — Contingency Planning Guide for Federal Information Systems
Related terms
Business continuity
Business Impact Analysis (BIA)
Recovery Time Objective (RTO)
Recovery Point Objective (RPO)
Incident response
Resilience
Backup