This report provides detailed commentary and audit observations on a review to determine whether SA Government agencies have implemented sufficient processes and controls to recover their key information assets following a disaster or significant business disruption.
Our review identified that most SA Government agencies have implemented some disaster recovery controls and a number of agencies were strengthening their recovery arrangements.
We concluded however that many of the agencies we reviewed had not implemented sufficient processes and controls to mitigate their key disaster recovery risks.
Without sufficient controls in place, agencies may not be able to recover their key business systems within expected time frames. This increases the risk of disruption to important public services.