Have business continuity and disaster recovery plans in place so you can take appropriate and timely actions to protect personal information from further loss of confidentiality, integrity or availability.
Options to consider:
- Formally document plans for business continuity and disaster recovery.
- Periodically review, test and update plans.
- Ask senior staff to authorise the plans.
- Define and document roles and responsibilities for staff involved in business continuity and disaster recovery.
- Train all staff on what to do in the event of a systems or network outage.
- Test business continuity and disaster recovery plans to ensure they remain up-to-date and fit for purpose.
- Conduct lessons learned activities to identify and understand any changes you need to make to the plans.