Merge pull request #914 from Jonathan-Scott14/patch-18

Update disaster-recovery.html.md.erb

source/standards/disaster-recovery.html.md.erb

@@ -1,6 +1,6 @@
 ---
 title: Disaster Recovery
-last_reviewed_on: 2023-11-02
+last_reviewed_on: 2024-06-27
 review_in: 6 months
 ---
 
@@ -25,7 +25,7 @@ Disaster recovery planning is the process of identifying the kinds of events tha
 
 ### Understand risks and threats to your service
 
-You should work with the [Information Assurance (IA)](https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/gds-operations/information-services/information-assurance) and [Cyber Security](https://sites.google.com/cabinetoffice.gov.uk/cybersecurity/home) teams to understand the risks to your service. This will help you build a more resilient and secure digital service.
+You should work with the [Information Security](https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/directorates-and-groups/cto-and-ciso-office/information-security) and [Cyber Security](https://sites.google.com/cabinetoffice.gov.uk/cybersecurity/home) teams to understand the risks to your service. This will help you build a more resilient and secure digital service.
 
 You should also work with risk and service owners to plan for the worst-case scenarios. This is particularly important for your data, as loss or theft of data is disastrous for most services.
 
@@ -40,7 +40,7 @@ build pipelines
 
 #### Disaster planning workshops
 
-You might find it useful to run a disaster planning workshop to help identify the risks to your service. This should involve important service stakeholders, Information Assurance and Cyber Security colleagues, as well as product and technical members of your delivery team. The more involvement you have from different disciplines the more likely you will be to identify all the risks and understand them.
+You might find it useful to run a disaster planning workshop to help identify the risks to your service. This should involve important service stakeholders, Information Security and/or Cyber Security colleagues, as well as product and technical members of your delivery team. The more involvement you have from different disciplines the more likely you will be to identify all the risks and understand them.
 
 You should use a whiteboard or an online alternative for the workshop. Start with a technical architecture diagram of your service to help visualise dependencies and important assets, such as data stores. Then, either individually or in small groups, identify as many disaster scenarios as possible, raising sticky notes on the diagram for each one.
 
@@ -85,7 +85,7 @@ Make sure you discuss and agree your RPOs and RTOs with risk and service owners.
 
 Disasters rarely happen, meaning that your disaster recovery plans are likely to become ineffective unless you test them regularly.
 
-You must regularly test that you can restore data from your live and offline backups. You must test the procedure for restoring an offline backup so team members are familiar with the procedure for accessing and using the backup.
+You must regularly test that you can restore data from your live and offline backups. You must test the procedure for restoring an offline backup so team members are familiar with the procedure for accessing and using the backup. It also serves as useful reassurance that backups are functioning correctly.
 
 You must regularly test your manual or automatic recovery processes so that you are confident they will work in an emergency situation. This also helps team members build familiarity with the relevant procedures.