Contact

Data Recovery Authority maintains a public-facing contact channel for provider network-related inquiries, provider accuracy concerns, and sector-specific research requests. This page describes the appropriate channels, expected response timelines, and the information that should accompany each type of inquiry to ensure efficient handling.

What to include in your message

The nature of the inquiry determines what supporting information accelerates a response. Provider Network-related correspondence falls into four primary categories, each requiring distinct documentation:

1. Provider accuracy disputes — Include the specific provider in question (provider name, location, and the Data Recovery Providers page where it appears), the nature of the inaccuracy, and any publicly verifiable source supporting the correction. Disputes referencing regulatory actions should cite the relevant agency — for example, a Federal Trade Commission enforcement action or a state attorney general ruling — by docket number or public document identifier.

2. New provider submissions — Provide the provider's full legal business name, physical service address, licensing or certification credentials (e.g., ISO/IEC 17025 accreditation for laboratory competence, or relevant CISA-recognized certifications), and the scope of services offered. Submissions lacking verifiable credential documentation are held pending verification rather than rejected outright.

3. Research and press inquiries — Identify the publication or institution, the scope of the research topic, and the specific sector data or structural information sought. Requests tied to named regulatory frameworks — such as NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response) or standards published by the Scientific Working Group on Digital Evidence (SWGDE) — are prioritized for response.

4. Technical or classification feedback — If a page classification (e.g., forensic recovery vs. logical recovery vs. physical media reconstruction) appears inconsistent with industry-standard definitions, include the specific page reference and the authoritative source supporting the alternative classification.

Messages that omit the category type or provide no verifiable reference point are processed in the order received but may receive a delayed or partial response.

Response expectations

Correspondence received through the primary contact channel is reviewed during standard business processing windows. Turnaround time varies by inquiry type:

• Provider accuracy disputes — Initial acknowledgment as processing allows; resolution dependent on verification complexity.
• New provider submissions — Review and status notification within 7–10 business days.
• Research inquiries — Responses are not guaranteed but are prioritized for inquiries tied to named public-sector investigations, academic institutions, or recognized standards bodies such as NIST, ISO, or SWGDE.
• Technical feedback — Addressed on a rolling editorial review cycle.

Provider Network content follows a structured editorial process aligned with publicly documented cybersecurity sector standards. Provider decisions referencing regulatory status — including sanctions lists maintained by the Office of Foreign Assets Control (OFAC) or disciplinary records held by state-level licensing boards — are subject to independent verification before any change is published.

Automated or bulk-submission messages are filtered prior to human review and are not guaranteed any response.

Additional contact options

For inquiries related to the broader cybersecurity reference network, the parent domain National Cyber Authority maintains separate editorial channels covering cybersecurity policy, incident response frameworks, and data security sector classification. Cross-domain referrals from Data Recovery Authority to that network are handled through the same primary contact address.

Inquiries concerning data security provider network providers — as distinct from data recovery service providers — fall under the scope of Data Security Authority, a separate national-scope provider network within the same reference network.

Researchers working on chain-of-custody standards, digital forensics laboratory accreditation, or regulatory compliance frameworks under the Computer Fraud and Abuse Act (18 U.S.C. § 1030) or state equivalents may find the page relevant before initiating contact, as it defines the classification boundaries that govern what this provider network covers and excludes.

How to reach this office

Primary email contact:
[email protected]

This address handles all four inquiry categories described above. Subject line formatting that identifies the inquiry type (e.g., "Provider Dispute — [Provider Name]" or "Research Inquiry — NIST 800-86 Sector Data") reduces processing time.

Correspondence submitted without a subject line or with a generic subject is processed in sequence but receives no priority routing. Physical mail is not accepted for provider network inquiries. Phone support is not available for this provider network property.

For inquiries that involve a documented regulatory or legal proceeding — including those referencing evidence preservation requirements under Federal Rules of Evidence Rule 902(13) or Rule 902(14) governing electronic record authentication — the message should identify the proceeding type and jurisdiction so that the appropriate editorial pathway is followed.