Incident response and business continuity

Introduction
This document outlines the Incident Response Policy and Business Continuity Policy for Grounded Research in relation to IT systems. It ensures the protection, recovery and continuity of our digital infrastructure, data and operations in the event of a security or service disruption.

PART A: INCIDENT RESPONSE POLICY

Purpose
To provide a clear framework for identifying, managing and resolving security and data protection incidents, minimising damage and ensuring compliance with legal and regulatory obligations (e.g. UK GDPR, Data Protection Act 2018).

Scope
This policy applies to all Grounded Research staff, contractors, IT systems, data, and digital platforms.

Definitions
Security Incident: Any attempted or actual unauthorised access, use, disclosure, modification, or destruction of data or systems.

Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of personal data.

Roles & Responsibilities
Incident Response Lead (IRL): Coordinates all incident response activities (role held by the Head of Operations).

IT Administrator: Preserves system logs and collects any relevant evidence.

Data Protection Officer (DPO): Assesses data protection implications and manages reporting obligations to the Information Commissioner’s Office (ICO) if required.

Incident Response Process
Identification

All staff must report suspected incidents to the IRL immediately via email and phone.

System monitoring tools and alerts are reviewed regularly.

Containment

Short-term: Isolate affected systems.

Long-term: Remove unauthorised access or malicious content.

Assessment

Determine the scope, severity, affected systems or data, and the root cause.

Classify the incident as Low, Medium, High, or Critical risk.

Notification

Internal stakeholders are informed within 2 hours.

The ICO is notified within 72 hours if the incident involves a personal data breach.

Eradication and Recovery

Remove threats such as malware or access breaches.

Restore systems from secure backups and verify system integrity.

Post-Incident Review

A review is conducted within five working days.

Lessons learned are documented and policies updated as necessary.

Record-Keeping
A central incident log is maintained and retained for a minimum of three years. This includes the incident timeline, investigation steps, outcomes and remedial actions.

PART B: BUSINESS CONTINUITY POLICY
Purpose

To ensure that Grounded Research can maintain or quickly resume essential business operations in the event of a disruption to IT services, cyberattack or major technical failure.

Business Impact Assessment (BIA)
Our BIA identifies:

Critical systems: CRM (Monday.com), cloud storage (Microsoft 365), survey platforms (Qualtrics).

Recovery Time Objective (RTO): 24 hours for core systems.

Recovery Point Objective (RPO): No more than four hours of data loss.

Key Continuity Measures
Cloud-Based Infrastructure: All core systems are cloud-hosted with built-in redundancy.

Automated Backups: Secure daily backups with offsite encrypted storage.

System Redundancy: Dual internet access and power supply protection in place.

Remote Working Capability: All staff can work remotely using secure VPN access.

Continuity Activation Procedure
Trigger: Initiated by the Managing Director or IRL following a major disruption.

Internal Communication: Staff and key stakeholders are informed via phone/email.

Action Plan:

Backup systems activated.

Staff roles temporarily reassigned if required.

Clients and partners informed if service delivery is impacted.

Testing and Review
Annual test of the business continuity and disaster recovery procedures.

Quarterly checks on backup integrity and restoration process.

Full policy review and update every 12 months or following any major incident.