Part of Data Security Standard 7 - Continuity planning

Business continuity and disaster recovery - part 1 (7.1.2)


Definition and background

The terms business continuity and disaster recovery are often used interchangeably and sometimes viewed as the same thing. A business continuity plan (BCP) is concerned with how you keep the organisation going and could involve relocating and reshaping services.

Disaster recovery is effectively a plan of attack for how you fix the problem and return the organisation to normality.

In the care system, organisational business continuity tends to focus on:

  • "Acts of God" – such as flooding or high winds
  • staffing – such as medical virus outbreak or industrial action
  • major incidents – such as a terrorist attack or major fire
  • site unavailability – such as a power outage or road issues
  • extreme demand – such as winter pressures or service closures elsewhere

The global WannaCry cyberattack in May 2017 has reaffirmed the potential for cyber incidents to impact directly on patient care and the need for our health and care system to act decisively to minimise the impact on essential frontline services.

Your Data: Better Security, Better Choice, Better Care, government response.

IT, by contrast, tends to focus on disaster recovery, concentrating on:

  • identifying IT objectives and timescales
  • priority of recovery
  • the recovery team
  • actions for recovery

For smaller organisations, there tends to be one type of plan, which would mitigate their most common risks.


Last edited: 27 September 2022 11:31 am