Internet explorer is no longer supported
We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Part of Data Security Standard 7 - Continuity planning
- Business continuity and disaster recovery - part 1 (7.1.2)
- Know your services (7.1.1)
Current chapter – Business continuity and disaster recovery - part 1 (7.1.2)
- Business continuity and disaster recovery - part 2 (7.1.2 - 7.1.4)
Definition and background
The terms business continuity and disaster recovery are often interchanged and sometimes viewed as the same thing. A business continuity plan (BCP) is concerned with how you keep the organisation going and could involve relocation and reshaping services.
Disaster recovery is effectively a plan of attack of how you fix the problem and return the organisation back to normality.
In the care system, organisation business continuity tends to focus on:
- "Acts of God" – such as flooding or high winds
- staffing – such as medical virus outbreak or industrial action
- major incidents – such as a terrorist attack or major fire
- site unavailability – such as a power outage or road issues
- extreme demand – such as winter pressures or service closures elsewhere
The global WannaCry cyberattack in May 2017 has reaffirmed the potential for cyber incidents to impact directly on patient care and the need for our health and care system to act decisively to minimise the impact on essential frontline services.
Your Data: Better Security, Better Choice, Better Care, government response.
Whereas the IT tends to focus on disaster recovery, with a focus on:
- identifying IT objectives and timescales
- priority of recovery
- the recovery team
- actions for recovery
For smaller organisations, there tends to be one type of plan which would mitigate against their most common risks.
Last edited: 27 September 2022 11:31 am
- Data Security Standard 7 - Continuity planning
- Business continuity and disaster recovery - part 3 (7.2.1 - 7.2.2)
- Business continuity and disaster recovery - part 4 (7.3.1 - 7.3.6)
NHS England Business Continuity Management Framework (service resilience) (2013): This document highlights the need for business continuity management in NHS organisations so that they can maintain continuity of key services in the face of disruption from identified local risks.
The Business Continuity Plan is accessible in paper format via the EPLO for the Trust or electronically via the intranet. Figure 3. The Business Continuity Planning Process 1.7 Identify Critical services To develop a complete Business Continuity plan it is very important that the business is fully understood with an all-inclusive list of critical
of and ensuring improvements are made to the business continuity systems of the organisation. Split into the Plan, Do, Check, Act cycle the hope is the toolkit can be used no matter where your organisation is on the business continuity cycle to drive improvements in planning and raise the standard of business continuity preparedness across NHS
A business continuity plan (BCP) is concerned with how you keep the organisation going and could involve relocation and reshaping services. Disaster recovery is effectively a plan of attack of how you fix the problem and return the organisation back to normality. In the care system, organisation business continuity tends to focus on: