State the term Availability - organisational security scheme
What data needs to be available continually, compared to data which can be "off line" for limited periods.
The security policy must be part of an overall organisational security scheme, which should be abided by everyone in the organisations. For example, even the Chairman of the company tries to turn off virus scanning because he finds it inconvenient to see the emails could be viewed seriously. This kind of policies could stand as acid test of an organisation's commitment to its security policy. In case of emergencies, suspending certain aspects of the security policy, even temporarily can be risky since a security breach could result in total data or business loss, and consequently could cost many times more to recover.