Business Continuity & Disaster Recovery, Information Technology

Title: Business Continuity & Disaster Recovery, Information Technology
Policy Owner: Information Security Office
Applies to: Students, Employees, Users
Campus Applicability: All University departments at all campuses except UConn Health
Effective Date: May 16, 2012
For More Information, Contact Chief Information Security Officer
Contact Information: (860) 486-8255
Official Website: http://security.uconn.edu/

This policy is available in the Information Security Policy Manual.

Each University department will maintain a current, written and tested Business Continuity Plan (BCP) that addresses the department’s response to unexpected events that disrupt normal business (for example, fire, vandalism, system failure, and natural disaster).

The BCP will be an action-based plan that addresses critical systems and data. Analysis of the criticality of systems, applications, and data will be documented in support of the BCP.

Emergency access procedures will be included in the BCP to address the retrieval of critical data during an emergency.

The BCP will include a Disaster Recovery (DR) Plan that addresses maintaining business processes and services in the event of a disaster and the eventual restoration of normal operations. The BCP and DR Plan will contain a documented process for annual review, testing, and revision. Annual testing of the BCP will include desk audits, and should also include tabletop testing, walkthroughs, live simulations, and data restoration procedures, where appropriate. The BCP will include measures necessary to protect Confidential Data during emergency operations.

Data Administrators are responsible for implementing procedures for critical data backup and recovery in support of the BCP. The data procedures will address the recovery point objective and recovery time objectives determined by the Data Steward and other stakeholders.

Policy Created: May 16, 2012