11. Business Continuity


Define, document and regularly test a plan to handle disasters and other incidents that may cause the digital service to be taken temporarily offline.

How point 11 improves their service

Users may expect that an online service is available 24 hours a day, 365 days a year. This means they need to have a plan for what to do if their service goes offline so that they know how users will be affected and how to get it back online.

How they’ll be assessed

Their assessment and the questions the assessors ask them will vary depending on their service and what it does.

In the discovery assessment

To pass the discovery assessment, the service team usually needs to show that they:

  • have given consideration to existing business continuity planning, including disaster recovery
  • have thought about any impact the service not being available will have on users
  • have thought about how they will assess and prioritise different incident scenarios

In the alpha assessment

To pass the alpha assessment they need to be able to explain:

  • how users would be affected if their service was unavailable for any length of time.

In the beta assessment

To pass they usually need to explain:

  • how users of the service would be affected if the service was unavailable for any length of time and how this has changed throughout beta
  • how they’re selecting technology and platforms that meet their availability requirements and how these will continue to do so in live
  • their data recovery strategy and how they’ve tested it
  • the most likely causes for the service going offline and how they plan to stop them from happening
  • their strategy for dealing with outages, including who’s responsible and the decisions they can make