Business Continuity & Downtime
Because CCMS (SystmOne) and PhIS are cloud-based, a network, power, or system failure can interrupt access at any time. Business Continuity is the discipline of keeping patient care safe and continuous during that downtime — and restoring complete, auditable records once the system returns. It is the operational answer to ISO 22301 (Business Continuity Management).
This page explains the platform-level continuity model that applies wherever CCMS is used. Each facility implements it through its own Business Continuity Plan (BCP) — see the KK Bandar Maharani BCP↴ for a worked example with activation thresholds, team roles, and unit fallback SOPs.
Why it matters
Triage, consultation, prescribing, and dispensing continue on paper so no patient is turned away during an outage.
Everything done manually must be restored into CCMS/PhIS so the legal record stays complete and auditable.
Downtime handling is governed by ISO, KKM, and JKN directives — not improvised.
The downtime lifecycle
Detect & Activate
A critical system becomes inaccessible (network, power, application, hardware, or security incident). Once the facility threshold is exceeded, the BCP is activated and staff switch to manual workflows.
Sustain Care Manually
Registration, clinical notes, prescriptions, and procedures are recorded on paper using standard fallback forms — preserving the same record-quality expectations as the EMR.
Recover the System
Once ICT confirms systems are operational, the BCP is stood down and manual records are collected for re-entry.
Re-Enter & Reconcile
Manual data is entered into CCMS/PhIS and cross-checked for accuracy, prioritising critical patients first. See Documentation & Medication Safety During Downtime↴.
Report & Review
A BCP report documents the incident and recovery; records are retained for audit and a post-incident review is conducted.
Compliance anchors
The continuity model is built on overlapping ISO and Malaysian requirements:
Requires organisations to plan for, respond to, and recover from disruption — including restoring all manually captured data after an outage. ISO 22301
Mandates complete, auditable records and prevention of data gaps — satisfied by mandatory post-downtime re-entry. ISO 27001
Requires system, application, and data recovery through backup restoration after disruption. DKICT-V5
Facilities must collect manual records after downtime, re-enter data, and complete BCP reporting (Garis Panduan Pelaksanaan BCP PhIS & ICT 2024).
In this section
Contributor
Dr Fuad Jaafar
Facilitator, CCMS • KK Bandar Maharani