Division of IT
Business Continuity ManagementVulnerabilities to natural, man-made, and technology-driven disasters require University business units to plan and prepare for system disruptions. Business continuity planning includes the identification of vulnerabilities, priorities, dependencies, and measures required to facilitate continuity and recovery before, during, and after a crisis. The overall goal of the Division of IT's Business Continuity Management (BCM) program is to provide a framework and a set of tools which University departments can utilize as they prepare for a disruption affecting IT services they offer. Through these efforts, the best planning will be in place to keep University business processes and academic services functioning, with minimal interruption, in the event of a system outage or failure.
System Business Continuity ClassificationThe System Business Continuity Classification (SBCC) is used to assess the criticality level of an IT system. The criticalness of an IT system is in relationship to the business processes and services it provides to the University. The SBCC provides service owners with a matrix and associated definitions to determine which business continuity measures should be in place for their IT systems and applications. The necessary business continuity procedures, methods, and testing requirements are all dependent upon the classification level selected.
- Information System Contingency Plan An Information System Contingency Plan (ISCP) provides established procedures for the assessment and recovery of a system following a system disruption. The following items are addressed in an ISCP: Assessment and notification processes; roles and responsibilities of individuals tasked with recovering the system; system inventory information; detailed recovery procedures; and testing procedures for the system.
- Business Impact Analysis A Business Impact Analysis (BIA) identifies a system's critical business processes, assigns estimates for maximum tolerable downtime, and designates priorities for a system's rebuild or restoration in the event of a disaster.
- System Recovery Procedures System recovery procedures (SRP) provide general procedures for the recovery of a system from backup media or other sources.
Business Continuity ProceduresContinuity planning represents a broad scope of activities designed to sustain and recover the business processes and critical systems of an organization. The extent of business continuity procedures necessary for an IT system depends on the assigned criticality level. The range of procedures for continuity planning includes the following: The information system contingency plan, the business impact analysis, and system recovery procedures.