Statutory or Legal requirements for Business Continuity Plan/Disaster Recovery Plan: Laws and regulations differ from one country or one industry to another, although there is a basic expectation that organizations will act responsibly. In Australia, regulations to be observed concerning business continuity and disaster recovery exist for specific sectors such as finance. In healthcare in the USA, the Health Insurance Portability and Accountability Act (HIPAA) obliges organizations to have a suitable data backup plan, Disaster Recovery plan. Essentially there are two specific types of regulations. The first being the standards and requirements that must be met in order to become a member of an organization, say for instance ISO. The second being the Government regulations imposed on specific industries which must be adhered to in order to do business. These regulations are usually created for national standards of uniformity. There are few regulations that have impact on Business Continuity Plan. Sarbanes-OxleyAct makes the corporate officers liable for business continuity. It is relevant for publicly held companies in USA. IRS Procedure 86-19 requires off-site protection and documentation of computer records of tax information.

 These records must be available in the event that the primary facility is subjected to unplanned outage. Consumer Credit Protection Act (CCPA) Section 2001 Title 1X specifies due diligence for availability of data in electronic funds transfers including point of sale. Similarly, Foreign Corrupt Practices Act 1977 holds management accountable for publicly held corporations to provide reasonable protection for IT systems. Government of India through Ministry of Commerce (MoC) issued detailed guidelines vide Instruction No.D.12/25/2012-SEZ dated 22 February 2013 (‘guidelines’) for setting up Business Continuity Plan and Disaster Recovery Plan for IT/ITES SEZs. A robust Business Continuity Plan, Disaster Recovery Plan and Pandemic Plan also gives lot of confidence to the customers. It has also been observed that in many Request for Proposals or Request for Information the customers now have a specific section to get more details about these plans in the vendor organization. So as a good business practice it is advised to have a detailed plan for business sustenance.

K Satish Kumar

K Satish Kumar, is a Keynote Speaker, Author, the Global Head of Legal and Chief Data Protection Officer of Ramco Systems. Among the many awards he has received, the coveted are “Top 50 Legal Leaders 2019” by Legal IP Gorilla in Singapore, “GC PowerListIndia 2018” by London based Legal 500 , “Legal Counsel of the Year -2018” by INBA. He is actively involved in many pro bono activities through Chennai Lawyers. The author can be reached at The views expressed are his personal.

For his other Publications read here.


About High Performance Counsel (HPC)

Founded by international lawyer and successful legal technology founder, David Kinnear, High Performance Counsel (HPC) is the leading business media resource covering the modern legal industry and the people, technology and economic forces driving its future. Described as the “voice of the modern legal industry” HPC provides world-class media coverage via one-to-one feature interviews with leading legal professionals and the publication of key insights via articles, white papers and industry commentary.

Visit us online here:
Follow us on Twitter:
Connect with David Kinnear on LinkedIn:
Connect with HPC on LinkedIn:

For more information, click here.

Further information / press inquiries:

High Performance Counsel ™ (HPC)
NY: +1 (917) 886-3222
London: +44 (07547) 128191