Description

Disaster Recovery Policy and Procedure Pack for FSPs

The Disaster Recovery Policy and Procedure Pack is an editable downloadable template designed for Financial Services Providers that need a practical framework for restoring systems, data, records, facilities and operations after a disaster event.

This Disaster Recovery Policy helps an FSP prepare for serious disruptions such as cyberattacks, ransomware, data loss, fire, flood, power failure, office inaccessibility, key person loss, critical service provider failure or other incidents that may affect client service, recordkeeping and regulatory obligations.

For related compliance templates, you may also view our Business Continuity Policy and Procedures, Cyber Security Policy Template and Recordkeeping Policy Template.

For official regulatory context, you can also visit the FSCA regulated entities page.

What Is Included In This Disaster Recovery Policy?

This template combines a Disaster Recovery Plan and dry-run testing guide into one practical policy and procedures pack. It is designed to help FSPs document how disaster events will be detected, escalated, contained, managed, recovered and reviewed.

The policy includes sections for:

• Policy review control sheet
• Policy review details and change log
• Training and implementation record
• Introduction and purpose of the disaster recovery framework
• Regulatory and governance context
• Relationship between the Business Continuity Plan and Disaster Recovery Plan
• Scope of application
• Definitions, including DRP, BCP, RTO, RPO, alternate site and dry-run
• Disaster recovery objectives
• Core disaster recovery principles
• Disaster recovery governance and responsibilities
• Critical records, systems and services
• Risk assessment and disaster scenarios
• Business impact and recovery prioritisation
• Activation levels and decision criteria
• Disaster detection and initial notification procedure
• Disaster response and containment procedure
• IT systems, data and backup recovery procedure
• Alternate site and remote work recovery procedure
• Client service and operational recovery procedure
• Compliance and regulatory recovery procedure
• Communication and stakeholder management procedure
• Deactivation and return-to-normal procedure
• DRP dry-run testing procedure
• Post-disaster review and corrective action
• Recordkeeping, training, monitoring and approval

Disaster Recovery Policy Annexures Included

The Disaster Recovery Policy pack includes practical annexures that help the FSP evidence disaster recovery planning, backup testing, recovery prioritisation and post-incident improvement.

The annexures include:

• Annexure A: Disaster Notification and Activation Form
• Annexure B: Disaster Recovery Team Contact Register
• Annexure C: Critical System and Data Asset Register
• Annexure D: Backup and Restoration Test Log
• Annexure E: Disaster Event Risk Assessment Template
• Annexure F: RTO / RPO and Critical Function Recovery Matrix
• Annexure G: DRP Dry-Run Test Plan
• Annexure H: DRP Dry-Run Results Report
• Annexure I: Incident Communication Log
• Annexure J: Post-Disaster Review and Corrective Action Register
• Annexure K: Staff Acknowledgement and Training Attendance Register
• Template Completion Checklist

Why FSPs Need a Disaster Recovery Policy

A disaster recovery plan is not only about restoring technology. For an FSP, disaster recovery also affects client service, regulatory records, advice records, complaint handling, POPIA safeguards, FICA records, financial records, communication channels and evidence of compliance.

A written Disaster Recovery Policy helps the FSP show that it has considered how essential systems and records will be restored after a serious disruption. It also helps the business assign responsibilities, set recovery time objectives, test backups and keep evidence of recovery readiness.

This template helps address common weaknesses such as:

• No written Disaster Recovery Plan
• No disaster activation form or escalation process
• No disaster recovery team contact register
• No critical system and data asset register
• No backup and restoration test log
• No RTO and RPO recovery matrix
• No disaster event risk assessment template
• No dry-run testing plan or results report
• No communication log for disaster events
• No post-disaster corrective action register

Backup Restoration and RTO/RPO Controls

The pack includes a backup and restoration test log to help the FSP record whether selected systems or data were restored successfully and whether data integrity was verified.

The RTO/RPO and critical function recovery matrix helps the FSP set practical recovery targets for client service, client records, email, telephony, CRM, document storage, finance, payments, compliance deadlines, complaints handling and website or client portal access.

DRP Dry-Run Testing Tools

The Disaster Recovery Policy pack includes a dry-run test plan and results report. These tools help the FSP test realistic scenarios such as fire, cyberattack, data loss, power outage, office closure or critical system failure.

The dry-run results report allows the FSP to record whether the DRP was activated correctly, whether systems were restored within the required recovery time, whether data was restored within the required recovery point, whether communication procedures worked and what corrective action is required.

Who Should Use This Disaster Recovery Policy?

• Authorised Financial Services Providers
• Key Individuals responsible for operational ability
• FSPs that rely on cloud storage, CRM, email, websites or payment platforms
• FSPs with client records, advice records, complaints records or regulatory records
• FSPs preparing for compliance monitoring or internal governance review
• Compliance officers assisting FSPs with operational resilience
• Business owners who need a practical recovery and backup testing framework

Editable and Customisable DRP Template

This Disaster Recovery Policy pack is editable and must be customised before use. The FSP must insert its name, FSP number, disaster recovery responsible persons, actual systems, backup locations, service providers, alternate site arrangements, recovery priorities, RTO targets, RPO targets and contact details.

The template includes placeholders and a completion checklist to help the FSP finalise the document before approval, training, testing and annual review.

Important Compliance Note

This Disaster Recovery Policy pack is a compliance support document. It does not replace IT disaster recovery advice, cybersecurity advice, POPIA breach advice, legal advice or a full operational resilience assessment. Each FSP remains responsible for ensuring that its final DRP is accurate, practical, tested, reviewed and aligned with its actual systems, records, service providers and regulatory obligations.