You asked
Please provide the disaster recovery/business continuity plan for each section/department.
We said
We consider the knowledge of our Business Continuity Plans (BCPs), could provide external parties with information about how to disrupt our service and subsequently use that disruption to attempt to access either site or services. BCPs contain information regarding how ONS would respond to crisis situations and emergencies as well as key information about our IT and software infrastructure. The purpose of BCPs is to create systems of prevention and recovery to deal with potential threats to an organisation. To make the information public would defeat the purpose of the planning and put the organisation at risk. As such we believe the information requested is exempted under S31(1)(a) - the prevention or detection of crime. To use this exemption we are required to consider the public interest test, and whilst we note there are public interest arguments in favour of transparency and disclosure we have decided that these are outweighed by other public interest factors that are in favour of non-disclosure. Principally we consider that release of the information requested would prejudice our ability to deal with potential threats to our organisation.