medCrowd requires JavaScript - please enable JavaScript in your browser if you wish to use App.

Skip to Content

  Please use the latest version of a supported browser with JavaScript enabled:     Got it - don't show me this again


SUPPORTED MOBILE BROWSERS
ANDROID AND IOS
  • Chrome
  • Firefox
ANDROID ONLY
  • Android v5.0+
IOS ONLY
  • Safari
WINDOWS 10 MOBILE
  • Edge
SUPPORTED DESKTOP BROWSERS
WINDOWS AND MAC
  • Chrome 12+
  • Firefox 16+
  • Opera 15+
MAC ONLY
  • Safari 6+
WINDOWS ONLY
  • Edge
  • Internet Explorer 10+

Information Continuity Policy

Classification Public
Location https://www.medcrowd.com/compliance/iso27001/policies/InformationContinuity
Author Paul Gardner
Approver Felix Jackson
Approved 14th December 2016
Date Author Changes
19th June 2023 Paul Gardner Periodic review
6th June 2022 Paul Gardner Periodic review
16th February 2021 Paul Gardner Periodic review
28th April 2020 Paul Gardner Specify how often backup restores are tested
12th February 2020 Paul Gardner Periodic review
15th May 2018 Paul Gardner Periodic review
15th November 2016 Paul Gardner Moved to the web
17th May 2016 Paul Gardner Change document location
30th July 2015 Paul Gardner Periodic review
8th September 2014 Paul Gardner Rebranding
2nd July 2014 Paul Gardner Initial revision

Introduction

This policy is part of the medDigital ISMS and must be fully complied with.

There is always a risk that systems and/or procedures will fail resulting in loss of access to information, data and systems, despite the implementation of best practice. This policy will will help ensure that information and data is backed up and restored securely in the most efficient and secure manner possible.

IT Systems

  1. The IT team are responsible for providing system support and data backup tasks and must ensure that adequate backup and system recovery practices, processes and procedures are followed inline with data retention policies.
  2. All backup and recovery procedures are documented, regularly reviewed and made available to trained personnel who are responsible for performing data backup and recovery.
  3. Backups must be encrypted inline with the Cryptography policy.
  4. Backups must be scheduled, automated and auditable.
  5. Access to backups must be restricted to authorised personnel.
  6. Quarterly tests must be carried out to ensure the backup and recovery procedures are working as expected. The outcome of these tests should be stored in M:\IT\Compliance\Backup Tests.

Personnel Responsibilities

Employees and contractors also have a responsibility to ensure data is securely maintained and is available for backup. In accordance with the Physical Security Policy, data must not be stored on the local drive of any computer. The M: drive must be used. Local drives are NOT backed up and are therefore at risk of damage, corruption or loss.

Restoration

Restoration of core IT systems must be performed by authorised personnel only.

Redundancy

All Core IT systems must be highly available and have no single point of failure. Where possible, load balancers, multiple availability zones/datacenters should be utilised to help ensure that a data center disaster does not impact operations.