Book doctors, shop health and beauty products, and access trusted health content — in 110 languages. All in one place.

Your cart

Your cart is empty

Continue shopping

Business Continuity & Disaster Recovery Policy

Effective Date: 23/05/2025 Issued by: Clinicians Check Limited

1. Purpose

This policy outlines CliniciansCheck’s framework for maintaining service continuity and recovering from operational disruptions, including technical failures, cyberattacks, pandemics, or natural disasters.

Our goal is to ensure minimal impact to platform users, data security, and service integrity — safeguarding patient trust and professional obligations.

2. Scope

This policy applies to all operations, digital services, cloud infrastructure, internal systems, and data handling conducted by CliniciansCheck or its authorised partners.

It includes continuity planning for:

  • Platform functionality and uptime

  • Clinician and patient access

  • User data protection

  • Staff communication and remote operations

  • Supplier dependencies

3. Business Continuity Measures

We maintain the following preventive and readiness measures:

  • Cloud-native infrastructure with automated scaling and failover

  • Data redundancy and daily backups across secure locations

  • Remote-first workforce model with VPN-secured, cloud-based collaboration

  • Critical systems identification and priority restoration tiers

  • Operational runbooks for key business functions and emergency contact trees

4. Disaster Recovery Measures

In the event of a major incident:

  • Incident response protocols are activated within 30 minutes

Platform recovery targets:

  • RTO (Recovery Time Objective): ≤ 12 hours

  • RPO (Recovery Point Objective): ≤ 4 hours

  • Data is restored from encrypted backups

  • Status updates are provided to affected users via email, status pages, and social media if required

External cybersecurity or forensic consultants may be engaged as needed

5. Types of Events Covered

This policy applies to:

  • Cloud or server outages

  • Cyberattacks, ransomware, or data breaches

  • Power failures or utility disruptions

  • Pandemics, public health emergencies

  • Natural disasters (flood, fire, earthquake, etc.)

  • Key supplier failures or partner system outages

6. Roles and Responsibilities

Roles and Responsibilities

Business Continuity Lead: Oversees business continuity planning, internal training, and scenario testing. Ensures the framework is current and effective.

CTO / Engineering Team: Maintains infrastructure readiness, including uptime architecture, backup systems, and server resilience.

Security & Compliance Team: Responds to data breaches or security incidents, manages disaster recovery processes, and coordinates with regulators if necessary.

Operations Team: Ensures timely communication with clinicians, patients, and support teams. Manages logistics and service continuity for core platform functions.

7. Testing and Review

We conduct annual testing of our business continuity and disaster recovery plans, including:

  • Simulation of outages and cloud region failures

  • Communication drills

  • Backup restoration tests

The policy is reviewed annually or after any major incident.

8. Communication Protocol

During a continuity incident, communication will be prioritised to:

  • Affected clinicians and patients

  • Regulatory bodies, if required

  • Platform-wide notification banners or updates

  • Internal teams and suppliers

  • We maintain a designated incident status page (internal or public) when appropriate.

9. Regulatory Alignment

This policy aligns with:

  • ISO/IEC 27001 Annex A.17 (Information Security Aspects of Business Continuity)

  • UK GDPR & NHS DSP Toolkit incident response guidelines

  • NIST SP 800-34 (Contingency Planning for Information Systems)

10. Contact

For questions about this policy or to request our full BC/DR plan, please contact:

operationsteam@clinicianscheck.com

Clinicians Check Limited, 2 Harley Street, London, UK

11. Supplier & Third-Party Dependencies

We maintain a regularly reviewed register of third-party vendors, infrastructure providers, and mission-critical dependencies. Contracts include data recovery, security, and service continuity clauses aligned with our platform’s resilience goals.

12. Escalation Matrix

Incidents are triaged by severity level (e.g., P1–P3). Priority 1 (P1) outages trigger executive oversight and hourly status reporting until resolved.