56.50.07 - Disaster Recovery (TAC 202.74)
This policy sets forth the guidelines and procedures for recovering the Data Center and all related information systems providing service to the Institution. In accordance with the Texas Administrative Code Rule §202.72, Business Continuity Planning, the I.T. Division shall develop and maintain a Disaster Recovery Plan (DRP) that delineates all the roles and responsibilities for the individual Disaster Recovery Teams, along with the steps that must be taken for successful recovery operations.
At a minimum, the DRP shall be tested annually or when a major revision occurs and I.T. staff assigned to disaster recovery duties shall be trained, at least, on an annual basis.
In the event of a disaster,
- The Chief Information Officer (CIO) is the only authority for declaring a disaster for the Data Center and all related I.T. services based on the findings of the Tactical Operations Team.
- The Tactical Operations Team is responsible for the timely identification and determination of the disaster as well as the duration of the service outage.
Upon the declaration of a disaster,
- The I.T. Division and all associated Disaster Recovery Teams will invoke and comply with the procedures documented in the DRP.
- All efforts will be made to accommodate user needs while recovery services are being implemented but prioritization of recovery will be based on the criticality of the service and/or application experiencing the outage.
- The Office of Communications and Marketing is the only authority for all media communications based on information from the Chief Information Officer.
- The Chief Information Officer or designee from the Management Team is responsible for conveying all necessary information to the Office of Communications and Marketing for any updates and/or announcements to the media.
Mission Critical data shall be backed up on a scheduled basis and stored off site in a secure, environmentally safe, locked facility accessible only to authorized personnel.
TTUHSC El Paso Information Resources backup and recovery process for each system must be documented and periodically reviewed. A process must be implemented to verify the success of the electronic information backup.
Backups must be periodically tested to ensure that they are recoverable.