|Title:||Business Continuity & Disaster Recovery, Information Technology|
|Policy Owner:||Information Security Office|
|Applies to:||Students, Employees, Users|
|Campus Applicability:||All University departments at all campuses except UConn Health|
|Effective Date:||May 16, 2012|
|For More Information, Contact||Chief Information Security Officer|
|Contact Information:||(860) 486-8255|
This policy is available in the Information Security Policy Manual.
Each University department will maintain a current, written and tested Business Continuity Plan (BCP) that addresses the department’s response to unexpected events that disrupt normal business (for example, fire, vandalism, system failure, and natural disaster).
The BCP will be an action-based plan that addresses critical systems and data. Analysis of the criticality of systems, applications, and data will be documented in support of the BCP.
Emergency access procedures will be included in the BCP to address the retrieval of critical data during an emergency.
The BCP will include a Disaster Recovery (DR) Plan that addresses maintaining business processes and services in the event of a disaster and the eventual restoration of normal operations. The BCP and DR Plan will contain a documented process for annual review, testing, and revision. Annual testing of the BCP will include desk audits, and should also include tabletop testing, walkthroughs, live simulations, and data restoration procedures, where appropriate. The BCP will include measures necessary to protect Confidential Data during emergency operations.
Data Administrators are responsible for implementing procedures for critical data backup and recovery in support of the BCP. The data procedures will address the recovery point objective and recovery time objectives determined by the Data Steward and other stakeholders.
Policy Created: May 16, 2012