scope:

Whilst business continuity can impact all staff, this standard applies specifically to the Information Technology (IT), Legal and Human Resources (HR) teams and other relevant departments dealing with business continuity.

Purpose

Information security and business continuity have one very important element in common; both protect the availability of information.

This standard covers how business disruptions and major changes shall be handled to ensure that TfL's information security continuity is effectively managed and protects the confidentiality, integrity and availability of information assets from threats and vulnerabilities.

It defines the requirements for the management of TfL information security, the controls to ensure the availability of information processing capabilities and how these requirements are integrated with TfL's IT Information Security Management System Framework (ISMS) and TfL's overarching Business Continuity Management (BCM) requirements.