In the event of a security failure or a disaster, natural, accidental or deliberate, vital business processes still need to be carried out. Having documented business continuity plans and procedures assists this process enabling all staff to know what they need to do in the event of a security failure or disaster.
There has been an assessment of the risks to all systems where information critical to the running of the organisation is held.
There has been an assessment of the risks to all systems where information critical to the running of the organisation is held which has been documented.
There is a business continuity plan that has been approved by senior management. All staff are aware of their roles and responsibilities.
There is an approved business continuity plan in place, which has been approved by senior management.
Latest Information Governance Review meeting
All relevant staff are made aware of the business continuity plan and any implications for their role.
There is an approved business continuity plan in place which has been tested. The business continuity plan is regularly reviewed.
Annual testing is carried out to ensure that business continuity plans are effective and robust and will work in an operational environment.
Latest Information Governance Review meeting