Principle 5: Business Continuity

Classification:  Business Principle

Statement: Enterprise operations are maintained regardless of any system interruptions.

Rationale: As system operations become increasingly pervasive, we become more dependent on them; therefore, we must consider the reliability of such systems throughout their design and use. Where possible, critical business functions throughout the enterprise must be provided with the capability to continue regardless of external events, such as but not limited to; hardware failure, natural disasters or data corruption. The enterprise business functions must be capable of operating on alternative information delivery mechanisms, we will look to enhance this capability over time.


  • Dependency on shared system applications mandates that the risks of business interruption must be established in advance and managed.
  • Management includes but is not limited to periodic reviews; testing for vulnerability and exposure; or designing mission-critical services to ensure business function continuity through redundant or alternative capabilities.
  • Recoverability, redundancy, and maintainability should be addressed at the time of design.
  • Applications must be assessed for criticality and impact on the enterprise mission in order to determine what level of continuity is required and what corresponding recovery plan is necessary.
  • Metrics surrounding availability, operational and service level agreements must be mandated as part of the design process.