S7.1Laboratories must have a business continuity plan.
G7.1The business continuity plan should include procedures for regular backup of electronic data, systems recovery, application recovery, and data recovery or restoration. It should also include procedures for assessing the extent of damage or data loss in the event of a disaster.
C7.1aThe business continuity plan should include alternative procedures to enable continued operation, receipt of requests, and delivery of reports.
C7.1bStandards for a business continuity plan are described in AS/NZS ISO/IEC 17799:2001 Information Technology — Code of Practice for Information Security Management.
C7.1cAll data should be retained in either an archival or online format for appropriate periods to comply with legal requirements. This will vary according to the test(s) performed (histology or cytopathology versus blood tests), the patient’s age and jurisdiction-specific legislation and regulations.
In general, data should be retained for as long as technically feasible in an online, directly accessible format to permit comparison of current results with historical results. If the archived data are not immediately available, the procedure to find and restore data to the active database should be documented.