ICT disaster recovery planning

Expected to be tabled in November 2017


This audit will assess the maturity of selected agencies’ ICT disaster recovery processes and their ability to recover critical systems and data in the event of a disaster.

As computer systems become increasingly critical to the operations of government agencies and the broader community, the importance of ensuring the continued operation of computer systems and their rapid recovery has increased. Effective planning and processes to manage disruptions are vital for ensuring Victorians can continue to access public services.

Disaster recovery planning is the ability of an entity to recover their critical ICT systems and data in a complete and timely manner in the event of a disaster at a primary data centre. If public sector entities—or their IT service providers—are unable to react and respond appropriately, a disaster could interrupt the entity's delivery of services to the community and could cause reputational damage to the state and the entities involved.

As reported in the November 2016 Financial Systems Controls Report: Information Technology 2015–16, disaster recovery planning continues to be a significant concern, particularly where a number of departments and agencies are dependent on a limited number of IT outsourced service providers.