| Title: | Business Continuity & Disaster Recovery, Information Technology |
|---|---|
| Policy Owner: | Information Technology Services / Chief Information Security Officer |
| Applies to: | All University Departments, System Owners, and Data Owners |
| Campus Applicability: | All UConn Campuses, except UConn Health |
| Approval Date: | February 20, 2026 |
| Effective Date: | March 9, 2026 |
| For More Information, Contact: | UConn Information Security Office |
| Contact Information: | techsupport@uconn.edu or security@uconn.edu |
| Official Website: | https://security.uconn.edu |
PURPOSE
To establish requirements for business continuity and disaster recovery planning to protect and recover university systems and data from disruptive events or disasters.
APPLIES TO
All University Departments, System Owners, and Data Owners
DEFINITIONS
Business Continuity Plan (BCP): A strategic framework that outlines procedures and safeguards to ensure the University, department or unit can continue operations and recover quickly from disruptive events or disasters.
Disaster Recovery Plan (DRP): A documented strategy that outlines how the University, department or unit will respond to unplanned incidents, ensuring the recovery of IT systems and data. It typically includes policies, procedures, and responsibilities to restore access to compromised systems after disasters such as cyber-attacks or natural events. The plan serves to protect critical assets and promote business continuity in the face of disruptions.
POLICY STATEMENT
Each University department will maintain a current, written and tested Business Continuity Plan (BCP) that addresses the department’s response to unexpected events that disrupt normal business (for example, fire, vandalism, system failure, and natural disaster).
The BCP will be an action-based plan that addresses critical systems and data. Analysis of the criticality of systems, applications, and data will be documented in support of the BCP.
Emergency access procedures will be included in the BCP to address the retrieval of critical data during an emergency.
The Business Continuity Plan (BCP) will include a Disaster Recovery Plan (DRP) that addresses maintaining business processes and services in the event of a disaster and the eventual restoration of normal operations. The BCP and DRP will contain a documented process for annual review, testing, and revision. Annual testing of the BCP will include desk audits, and should also include tabletop testing, walkthroughs, live simulations, and data restoration procedures, where appropriate. The BCP will include measures necessary to protect Confidential Data during emergency operations.
Data Administrators are responsible for implementing procedures for critical data backup and recovery in support of the BCP. The data procedures will address the recovery point objective and recovery time objectives determined by the Data Steward and other stakeholders.
ENFORCEMENT
Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.
POLICY HISTORY
Policy created: May 16, 2012
Revisions: February 20, 2026 (Approved by the Senior Policy Council)