Requirements for Information Communication (2007 Edition)

7 - Business continuity planning (including archiving)

Page last updated: 14 January 2008


Laboratories must have a business continuity plan.


The business continuity plan should include procedures for regular backup of electronic data, systems recovery, application recovery, and data recovery or restoration. It should also include procedures for assessing the extent of damage or data loss in the event of a disaster.


The business continuity plan should include alternative procedures to enable continued operation, receipt of requests, and delivery of reports.
Standards for a business continuity plan are described in AS/NZS ISO/IEC 17799:2001 Information Technology — Code of Practice for Information Security Management.
All data should be retained in either an archival or online format for appropriate periods to comply with legal requirements. This will vary according to the test(s) performed (histology or cytopathology versus blood tests), the patient’s age and jurisdiction-specific legislation and regulations.

In general, data should be retained for as long as technically feasible in an online, directly accessible format to permit comparison of current results with historical results. If the archived data are not immediately available, the procedure to find and restore data to the active database should be documented.