The Disaster Recovery Standard provides information for critical process and function owners and support personnel about what they should do to prepare for a disaster to ensure that RIT as a whole can restore and continue operations.
This standard applies to:
Process/function owners who use RIT Information Resources to perform their processes/functions.
Organizations that provide RIT Information Resources to support critical processes/functions.
The standard does not apply to non RIT Information Resource restoration.
Critical—Information or a process/function which if corrupted, lost, interrupted or made inaccessible during a disruption would pose a significant life, safety, financial, reputation, or other risk to RIT.
Non-Critical—Information or process/function which if corrupted, lost, interrupted or made inaccessible during a disruption would pose a minimal risk to RIT. The information or process/function could be supplied through alternate means during the disruption or delayed until after the disruption.
Requirements for Process Owners
The following security controls are required to be implemented:
Every RIT organizational unit should identify all critical processes/functions for which they are the process/function owner. Departments may use the continuity system for this purpose by coordinating with the Business Continuity Office.
For each critical process/function, departments will assign a Recovery Time Objective (RTO). An RTO is the minimum acceptable time a technology resource that is used to complete a process/function can be unavailable. Alternate methods of performing the process/function may be employed while the technology resource is being recovered.
Departments are responsible for identifying the technology resources that support each critical process/function. These resources include applications, software, hardware, and network (voice and data).
Departments should identify IT and other organizations supporting critical processes/functions.
Departments may use the recovery planning system for documenting critical processes/functions, RTOs, technology, IT Departments, RIT information, and RPOs by coordinating with the Business Continuity Office, or may use the form located at http://www.rit.edu/fa/buscont/. Forms should be provided to the Business Continuity Office for entry into the recovery planning system.
Process/function owners should identify training requirements and determine appropriate training procedures.
Training will include restoration and recovery procedures to return the process/function to its pre-disaster state.
Departments should cooperate with supporting IT and other organizations to test restoration and recovery procedures on a periodic basis determined by the Divisional VP or Provost (Information Trustee).
IT organizations and business process owners will develop, maintain, and test backup and recovery/ restoration procedures services (frequency of testing to be determined by process owner, IT organization, and contractual obligations) that support critical processes/functions to support academic/business unit recovery and disaster recovery.