Missouri State University

Disaster Recovery of Core Systems

Op12.07-12 Disaster Recovery of Core Systems

Definitions

Disaster Recovery: The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization's critical functions immediately after a disaster.

Disaster Recovery Plan: The management approved document that defines the resources, actions, tasks and data required to manage the technology recovery effort.

Policy Statement

Missouri State University shall have a formal disaster recovery plan for core centralized information systems. It will be based on risk assessments of critical elements of the infrastructure, as specified in the Risk Assessment and Management Policy, in order to effectively prepare and respond to a crisis or disaster that may fully or partially disable the University's information systems. The plan will provide for the confidentiality, integrity, and availability of the University's data. The disaster recovery plan will be reviewed and tested by the Information Security Unit of Computer Services periodically.

Each department with separate information technology systems is responsible for developing and maintaining their own disaster recovery plan in consultation with the Information Security Unit of Computer Services.

The required core services disaster recovery plan for Missouri State University will address the following events:

  • Destruction of a Campus
  • Destruction of a Data Center
  • Mass Loss of Computer Services Staff
  • Destruction or Failure of Servers Within a Data Center
  • Destruction or Failure of Storage Hardware in a Data Center
  • Destruction or Corruption of Data in a Data Center
  • Destruction or Failure of Network Equipment in a Data Center
  • Destruction or Failure of Supporting Equipment in a Data Center
  • Massive Data Breach

Reason or Purpose for Policy

Disaster recovery services are crucial to the continued operation of the business of the University in the event of a disaster causing disruption of University information systems.  A disaster recovery plan is required by the Payment Card Industry – Data Security Standards (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA).

Entities Affected by this Policy

All entities contained in or under the direction of the Missouri State University system.

Line of Authority

  1. Responsible Administrator and Office:  Chief Information Officer (CIO)
  2. Contact Person in that Office:  Information Security Officer (ISO)