3.1. Business Continuity Name: Business Continuity Statement: Operations are maintained in case of events that may or are known to cause service or system interruptions. Rationale: • Business activities continue regardless of external events. • Hardware failure, natural disasters, and data corruption do not disrupt or stop enterprise activities. • The enterprise business functions are capable of operating leveraging redundant information delivery mechanisms. Implications: • The risks of business interruption must be established in advance and managed. (Management includes but is not limited to planning, testing and monitoring business continuity and IT service recovery, periodic reviews, testing for vulnerabilities and exposure, or designing mission-critical services in a way that ensures business function continuity through redundant or alternative capabilities.) • Services and applications must be assessed for criticality and impact on the ESDC’s mission to determine which continuity level is required and which corresponding recovery plan must be implemented. • Recoverability, redundancy, and maintainability of enabling services and systems must be considered throughout their design and use. • Technology lifecycle must be actively managed. • Technology must be regularly and proactively upgraded. References: • TOGAF 9 Principle 4