News Ticker

NSW agencies risk not testing Disaster Recovery plans

80% of agencies lack a disaster recovery plan, and half only partially tested their disaster recovery plans.

servers

A review by the NSW Audit Office has revealed four agencies fail to have disaster recovery plans in place, and more than half of the agencies reviewed only partially tested their disaster recovery plan.

The 2015 review found that “over the four years an average of only 80 per cent of those agencies had a Disaster Recovery Plan (DRP) for financial systems in place, and only half had not sufficiently tested their plans”.

Critically, eight agencies didn’t comply with the two most essential Disaster Recovery Planning (DRP) requirements – being have a disaster recovery plan in place and testing it regularly, the report stated.

‘Of 30 agencies reviewed, four agencies did not have a disaster recovery plan, three agencies’ plans were not tested in accordance with the plans and one agency had no disaster recovery plan for one of its four financially significant systems’, the Acting Auditor-General said.

The compliance review was performed on 30 of the NSW’s largest state government agencies, and covered the financial systems “most relevant to producing the financial information they use to manage their businesses and produce financial reports”.

This years review focused on those agencies that reported in a 2014 self-assessment survey that they did not have a disaster recovery plan in place or had not tested a significant portion of their DRP, according to the report, the report said.

In NSW, all state government agencies are required to have a disaster recovery plan in place, test regularly and  reviewed at least bi-annually to ensure it is current and accurate, as stipulated by the Treasurer’s Directions.

Since 2012, the Audit Office has reported on disaster recovery planning for large NSW agencies, which are reported in the Auditor-Generals report to Parliament.

Disaster Recovery Plan requirements for NSW agencies are stipulated by the NSW Treasury and the Department of Finance, and are outlined in Section 744 of the Treasurer’s Directions and the NSW Government Digital Information Security Policy.

Learn more about the NSW Audit Office Disaster Recovery Compliance Review.

Read the NSW Government Digital Information Security Policy.