Policies and Standards ISO PS002 Business Continuity and Disaster Recovery [Previous]  [Next]  [Policy Home]

Policy Name: Business Continuity and Disaster Recovery Planning
Policy Number: IS PS002
Effective Date: July 23, 2007
Review Date: July 23, 2008
Last Revision Date: July 23, 2007
Last Revision By: Bruce Edwards
Contact Name: Bruce W. Edwards
Contact Email: ISOPolicy@louisville.edu
Approved By: Compliance Oversight Council
Version: 1.0

POLICY:

Effective business continuity and disaster recovery plans are required in all areas of the University.

Each Academic Unit and Administrative Division must develop plans that will allow it to perform its core required operations in an alternative fashion as well as an appropriate disaster recovery policy for their working environment.

An effective Business Continuity Plan (BCP) contains the steps outlined below. Each School, Administrative Division or other University entity's BCP is expected to contain these steps, as appropriate, completed in a proficient and well documented manner.

Note: The Information Technology Operations Center is available to consult on the BCP process (see http://louisville.edu/it/aboutit/ for contact information.)

Administrative Standards:

1. Perform Gap Analysis
2. Conduct Risk Assessment
3. Perform Business Impact Analysis
4. Determine Continuity/Recovery Strategy
5. Implement Continuity/Recovery Strategy
6. Establish BCP and Disaster Recovery Maintenance and Awareness Program

Also see IS PS015 Backup of Data.

SCOPE / APPLICABILITY:

All persons while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.

POLICY AUTHORITY / ENFORCEMENT:

The University's Information Security Officer (ISO) is responsible for the development and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.

POLICY REVIEW:

This policy will be reviewed annually to determine if the policy is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed.

COMPLIANCE:

Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.

Version / Revision Date / Description

1.0 / July 23, 2007 / Original Publication

Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council

[Next]