Business Continuity and Disaster Recovery Policy

Version 1.0

Purpose

The purpose of this policy is to ensure the continuity and recovery of the University’s business following the loss of IT Resources.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • Business units using University IT Resources must have documented Business Continuity (BC) and Disaster Recovery (DR) plans.
  • Supervisors are responsible for briefing staff on their roles and responsibilities related to DR planning, including developing, updating, and testing plans.
  • Business units are responsible for ensuring sufficient financial, personnel, and other resources are available as necessary to maintain technological BC and DR.
  • The following recovery maintenance activities must be conducted periodically:
    • Review the BC and DR objectives and strategy,
    • Update documented BC and DR plans,
    • Update the internal and external contacts lists,
    • Conduct a DR simulation/tabletop exercise,
    • Conduct a DR telecommunication exercise,
    • Conduct a recovery test in partnership with Fordham IT,
    • Verify the alternate site technology, if applicable, and
    • Verify the hardware platform requirements, if applicable.

Definitions

Business Continuity is an ongoing process to ensure that necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services.

Disaster Recovery is the ability to restore an organization’s critical systems and return the entity to an acceptable operating condition following a catastrophic event, by activating a disaster recovery plan. Disaster recovery is a subset of business continuity planning.

Disaster Recovery Plan is a recovery plan to reestablish an organization’s critical business applications and services, following a disaster or significant impacting event.

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Implementation Information

Review Frequency: Annual
Responsible Person: Director, IT Risk and Data Integrity
Approved By: CISO
Approval Date: March 30, 2020

Revision History

Version: 1.0
Date: 03/30/2020
Description: Initial document

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Failure to adhere to UISO written policies may be met with University sanctions.