The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Business continuity, disaster recovery and back-ups

You have plans to deal with serious disruption, and you back up key systems, applications and data to protect against loss of personal data.

Ways to meet our expectations:

  • You have a risk-based Business Continuity Plan to manage disruption and a Disaster Recovery Plan to manage disasters, which identify records that are critical to the continued functioning of the organisation.
  • You take back-up copies of electronic information, software and systems (and ideally store them off-site).
  • The frequency of backups reflects the sensitivity and importance of the data.
  • You regularly test back-ups and recovery processes to ensure they remain fit for purpose.

Can you answer yes to the following questions?

  • Are staff aware of the plans and are they easy to access?
  • Could staff explain the effectiveness of the plans and how to test them?