Business Continuity and Disaster Recovery Policy

Version 1.0

For Students, Faculty, Staff, Guests, Alumni


The purpose of this policy is to ensure the continuity and recovery of the University’s business following the loss of IT Resources.


This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • Business units using University IT Resources must have documented Business Continuity (BC) and Disaster Recovery (DR) plans.
  • Supervisors are responsible for briefing staff on their roles and responsibilities related to DR planning, including developing, updating, and testing plans.
  • Business units are responsible for ensuring sufficient financial, personnel, and other resources are available as necessary to maintain technological BC and DR.
  • The following recovery maintenance activities must be conducted periodically:
    • Review the BC and DR objectives and strategy,
    • Update documented BC and DR plans,
    • Update the internal and external contacts lists,
    • Conduct a DR simulation/tabletop exercise,
    • Conduct a DR telecommunication exercise,
    • Conduct a recovery test in partnership with the Office of Information Technology,
    • Verify the alternate site technology, if applicable. and
    • Verify the hardware platform requirements, if applicable.


Business Continuity is an ongoing process to ensure that necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services.

Disaster Recovery is the ability to restore an organization’s critical systems and return the entity to an acceptable operating condition following a catastrophic event by activating a disaster recovery plan. Disaster recovery is a subset of business continuity planning.

Disaster Recovery Plan is a recovery plan to reestablish an organization’s critical business applications and services following a disaster or significant impacting event.

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Implementation Information

Review Frequency: Triennial
Responsible Person: Senior Director of IT Security and Assurance
Approved By: CISO
Approval Date: March 30, 2020

Revision History

Version: Date:
1.0 03/30/2020 Initial document

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) may only be done cooperatively between ISA and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Failure to adhere to ISA written policies may be met with University sanctions.

 Need Help?

Walk-In Centers

McShane Center 229 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours