You have plans to deal with serious disruption, and you back up key systems, applications and data to protect against loss of personal data.
Ways to meet our expectations:
- You have a risk-based Business Continuity Plan to manage disruption and a Disaster Recovery Plan to manage disasters, which identify records that are critical to the continued functioning of the organisation.
- You take back-up copies of electronic information, software and systems (and ideally store them off-site).
- The frequency of backups reflects the sensitivity and importance of the data.
- You regularly test back-ups and recovery processes to ensure they remain fit for purpose.
Can you answer yes to the following questions?
- Are staff aware of the plans and are they easy to access?
- Could staff explain the effectiveness of the plans and how to test them?