HG Alert: Disaster recovery agreements: 10 key questions for suppliers and customers - 21 Feb 2011

The one clear lesson to be learned from the natural disasters that hit Queensland last month is that prevention is always better than cure. Businesses who had prepared in advance for emergencies were better able to respond to the situation and rebuild their businesses after disaster had hit.

Preparing for emergency situations is even more important for ICT professionals, as disruption to your IT systems will have wide-reaching consequences for your entire business. We recommend that all businesses consider putting together an ICT disaster recovery plan that outlines the steps that need to be taken if disaster hits.

One important element of an ICT disaster recovery plan is a 'disaster recovery agreement', which provides an organisation with outside services (often provided in the cloud) to ensure business continuity is available during times of emergency or natural disaster. Such services are generally only available to an organisation during certain types of emergencies.

Here are the key questions that are important to address in a disaster recovery agreement:

  • During what period and under what circumstances can a customer access the supplier's services? Is there a clear definition of 'emergency' or 'disaster' which entitles the customer to use the services?
  • Does the supplier provide a warranty that the services will be continuously available during times of need?
  • Does the customer have the option of accessing the services in times which are not an 'emergency' or 'disaster'?
  • Does the customer have specific obligations as to the operation of its own facilities? Does this limit or excuse the obligations of the supplier?
  • How are the supplier's fees or charges to be calculated?
  • Are there clear obligations on the supplier as to privacy and customer data?
  • How is liability dealt with under the agreement? Is the liability of the supplier capped?
  • Can the supplier subcontract its obligations?
  • What is the duration of the agreement? Is the agreement automatically renewed?
  • What is the governing law of the agreement?

What you can do practically to prepare your IT systems for a disaster is a topic at our upcoming seminar ICT Governance and Disaster Recovery: A practical and legal perspective, to be held on Thursday 10 March. To find out more about this seminar or to register, please visit the Australian Computer Society's website.

For more information about ICT governance and disaster recovery, please contact HopgoodGanim's Intellectual Property and Technology team.