The IRMS curates a regularly updated toolkit to assist UK public sector schools in their compliance with the Freedom of Information Act (2000). Arena Group's Neil Maude has written for us a series of articles looking at the practical application of its key principles. In Part 6, Neil looks at disaster recovery planning and risk mitigation.

The 7th principle of the Data Protection Act (1998) is quite clear on the obligations with regard to data security and risk: "Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

The IRMS Toolkit makes the very valid point that: "In the event of a major incident, your school should be able to stay open and will at least have access to its key administrative and teaching records."

Clearly, compliance with this legislation requires on-going management of the risks to your information stores and how these risks will be mitigated.