Although all London councils have disaster recovery procedures in place, nearly half of them (40%) have not tested them in the last 12 months, according to an FOI request from Databarracks.

The FOI requests were sent to all London boroughs, the majority of which obliged with details on their business continuity practices, specifically in relation to electoral data. Managing director of Databarracks, Peter Groucutt, says that 40% is an alarmingly high number to have forgone testing, especially considering the election later this week.

“It’s worrying that with the general election just days away, many local councils have not tested that their procedures actually work in the event of a disaster. As expected, all councils to respond to our request had thorough backup and disaster recovery plans in place – which is excellent – but without testing, they could be proved useless at their time of need.

“We always recommend performing a disaster recovery test at least once a year. At any time in the year councils are under scrutiny to keep sensitive data secure and systems running smoothly. So the run-up to a general election, when the electoral roll is most important, it is vital to ensure your procedures are water-tight.”

Another concerning finding from the FOI requests is the current RTO and RPO of many of the boroughs. “Most of the councils that did respond to us told us that their RTO for electoral data was 24 hours, with some even as long as 7 days or in one case up to 2 weeks. It was also interesting to see that different councils have very different classifications for how critical the electoral register is. For some it is a ‘Priority 1’ system and requires the fastest recovery possible but for others there is no prioritisation, and for some the register is not included on their continuity list or would only be recovered on a ‘best-effort basis’.

“We put a lot of faith in IT infrastructure to just work. Imagine if a council thought its RPO was 30 minutes but when it came down to it, it was actually 48 hours..." Groucott adds.

It may be too late to test before the election, but Databarracks’ advice to councils would be to remember how important testing is to the overall effectiveness of disaster recovery strategies.

“With just a couple of days before the election, realistically there isn’t time to test systems now," Groucott adds. "For government bodies dealing with such vast amounts of sensitive data, it really is paramount to ensure they’re ready in future. All of the boroughs we spoke to have good backup and disaster recovery policies in place, but now it’s time to put them to the test and make sure they really work.”

Share Story: