6.1 Disaster Recovery Plan Standard
6.1.1. Overview
Since disasters happen so rarely, management often ignores the disaster recovery planning process. This standard requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters are not limited to adverse weather conditions. Any event that could likely cause an extended delay of service should be considered. The ITS Disaster Recovery Plan is often part of the Business Continuity Plan.
6.1.2. Purpose
This standard defines the requirement for a baseline disaster recovery plan to be developed and implemented by Highline College that will describe the process to recover IT Systems, Applications and Data from any type of disaster that causes a major outage.
6.1.3. Scope
This standard is directed to the ITS Management Staff who is accountable to ensure the plan is developed, tested and kept up-to-date. This standard is solely to state the requirement to have a disaster recovery plan, it does not provide requirement around what goes into the plan or sub- plans.
6.1.4. Standard
6.1.4.1 Contingency Plans
The following contingency plans must be created:
- Computer Emergency Response Plan: Who is to be contacted, when, and how? What immediate actions must be taken in the event of certain occurrences?
- Succession Plan: Describe the flow of responsibility when normal staff is unavailable to perform their duties.
- Data Study: Detail the data stored on the systems, its criticality, and its confidentiality.
- Criticality of Service List: List all the services provided and their order of importance.
- It also explains the order of recovery in both short-term and long-term timeframes.
- Data Backup and Restoration Plan: Detail which data is backed up, the media to which it is saved, where that media is stored, and how often the backup is done. It should also describe how that data could be recovered.
- Equipment Replacement Plan: Describe what equipment is required to begin to provide services, list the order in which it is necessary, and note where to purchase the equipment.
- Mass Media Management: Who is in charge of giving information to the mass
- media?
- Also provide some guidelines on what data is appropriate to be provided.
After creating the plans, it is important to practice them to the extent possible. Management should set aside time to test implementation of the disaster recovery plan. Table top exercises should be conducted ?. During these tests, issues that may cause the plan to fail can be discovered and corrected in an environment that has few consequences.
The plan, at a minimum, should be reviewed and updated on as needed basis.
6.1.5. Compliance
6.1.5.1 Compliance Measurement
ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.
6.1.5.2 Exceptions
Any exception to the standard must be approved by ITS in advance.
6.1.5.3 Non-Compliance
An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.
6.1.6. Related Standards, Policies, and Processes
ITS Disaster Recovery Plan
6.1.7. Revision History
Date | By | Summary |