Nearly 40% of city councils have not tested their disaster recovery plans in the past year, according to new research.
A freedom of information request conducted by Databarracks examined how major cities are prepared for the possibility of an IT disaster.
It found that while every major city has a disaster recovery plan in place to restore functionality, 38% of these have not been regularly tested.
Peter Groucutt, managing director of Databarracks, said: ‘All of the councils that responded to our FOI showed excellent best practice when it came to prioritising the most critical IT systems in a disaster and they all had structured plans in place that outlined their priorities for recovery.
‘This is particularly difficult for the public sector, as not only do they need to protect revenue-generating systems such as council tax, but they also need to protect their care systems such as children’s services, for example.
‘However, just having a DR plan in place is not enough – plans need to be regularly maintained, updated, revised and tested to guarantee their effectiveness. The results of our FOI request exposed that a significant proportion of city councils had not tested plans for over a year, meaning that they cannot be confident in their effectiveness in the event of a genuine crisis.’
The research also found wide variations in Recovery Time Objectives (RTOs) with some councils aiming for a few hours, while some aimed for as long as four days.