10. Business Continuity

Contents

Define, document and regularly test a plan to handle disasters and other incidents that may cause the digital service to be taken temporarily offline.

How point 10 improves the service

Users may expect that an online service is available 24 hours a day, 365 days a year. This means they need to have a plan for what to do if their service goes offline so that they know how users will be affected and how to get it back online.

How they’ll be assessed

Their assessment and the questions the assessors ask them will vary depending on their service and what it does.

In the discovery assessment

To pass, the service team usually need to:

  • show that they have given consideration to existing business continuity planning, including disaster recovery
  • show that they have thought about any impact the service not being available will have on users
  • show that they have thought about how they will assess and prioritise different incident scenarios

In the alpha assessment

To pass, the service team usually need to:

  • explain how users would be affected if their service was unavailable for any length of time.

In the beta assessment

To pass, the service team usually need to:

  • explain how users of the service would be affected if the service was unavailable for any length of time and how this has changed throughout beta
  • explain how they’re selecting technology and platforms that meet their availability requirements and how these will continue to do so in live
  • explain their data recovery strategy and how they’ve tested it
  • explain the most likely causes for the service going offline and how they plan to stop them from happening
  • explain their strategy for dealing with outages, including who’s responsible and the decisions they can make