OIT

Information Technology Security Policy

Links

Policy Procedures Guidelines Outlines Unit IT Security Policy Outline Unit IT Documentation Outline Unit IT Business Recovery Plan Outline DDD Memos IT Security Policy

Unit IT Business Resumption Plan Template

University of Florida units are required to maintain a written IT Business Resumption Plan (ITBRP).  This document is intended as a guideline to help simplify the development of a Unit ITBRP.

Since the ITBRP contains sensitive information about unit IT resources, the plan should not be advertised, but it must be made available to the UF ISM upon request.

Include the unit name in the plan title.  Identify the network managers, the unit administrator and list their contact information.

It is not necessary that units include everything listed here, but they should include those things that are relavant to IT functions of their unit.

Unit name

IT Manager: <contact information>

Unit administrator: <contact information>

Date Established

Date of Last Revision

Distribution list and location of document

Sensitive Information Disclosure Notice

Overview - This section contains the executive management perspective, policies, plan concept, what constitutes a disruption and overview of the business resumption plan.

• Introduction:  purpose, goals, objectives, benefits
• Scope - what IT resources does the BRP address
• Contacts and Responsibilities
• Resources - documentation
• Risk assessment - value, criticality, threat, replacement cost, acceptable downtimes
• Preparation - monitoring, backups, training, testing
• Recovery operations - what constitutes a disruption, procedures
• Revisions and updates - environmental changes, test results, revision schedule

Contacts and Responsbilities

• BRP Activation Authority
• BRP Coordinator
• Resource contact(s)
• Alerting/monitoring contact(s)
• Training contact(s)
• Testing contact(s)
• Update contact(s)
• PPD/Facilities contact
• Emergency Building Coordinator contact
• UPD contact
• Key management contact
• Other physical security contact
• Other contacts

Resources - identify location of documentation; documentation should be organized to include location, description, value, and criticality for all data; resources, process, services, and facilities

• Identify team
• Identify location of documentation which should include the following
• data backups
• power backups, battery and generators
• replacement resources and warranty records
• equipment resources
• data resources
• critical or sensitive data
• resource value and criticality
• maintenance contracts
• Equipment and supplies not listed in documentation
• Processes
• Service providers
• ISP
• vendor maintained equipment
• phones, cell phones, pagers
• Building and Facilities
• environmental control units
• privileged passwords
• key management and other physical security resources

Risk assessment

• Identify team
• Prioritize resources
• Assess the value/criticality of the IT resources
• Determine the threat to the IT resources
• Assess the cost to replace the IT resources for insurance purposes
• Determine acceptable downtime of IT resources

Preparation

• Alerting/monitoring
• Maintenance contracts that need to be maintained
• Data backup procedures
• location
• frequency
• incremental vs. full
• what is backed up
• Privileged passwords maintenance and recovery
• Power backups
• Training
• Team
• Scope
• Schedule
• Procedures
• Testing
• Team
• Scenario
• Schedule
• Monitoring
• Follow-up

Recovery Procedures

• Identify team
• Business Resumption steps - prioritized task list based on type of event (facilities, personnel, IT services, IT equipment failures or loss).  What needs to be done (damage assessment, notification procedures, BRP activiation), when, where, and how.
1. Establish communication
• phones - Telecom - forwarding numbers and configuration options)
• email - establish alternative email accounts for key contact personnel
2. Notification
• internal personnel
• contact Network Services
• email Network Managers
• PPD
• UPD
• EHS
• state insurance
3. Damage assessment and documentation
• photograph scene untouched to document smoke, water, or other damage
• outsource forensics service if needed
4. Establish basic services
• networking
• DHCP
• restore backups
• relocate equipment
5. Replace customized equipment, keys, tools, paper documentation, alternative personnel space
6. Cleanup
• PPD
7. Full resumption of services
• Alternative manual methods for operation

Revisions and Updates to the ITBRP

• Identify team
• Consider equipment and environmental changes
• Consider test results
• Revision schedule

OIT Units

Chief Information Officer , Academic Technology, Computing and Networking Services , Network Services, Telecom

Services

Students, Faculty, Staff

Committees

IT Advisory Committee, Academic Technology, Data Infrastructure, High-Performance Computing, Network Infrastructure, Information Security Management, Ad Hoc

Projects

UF Exchange, High Performance Computing, AT Grid, Active Directory Project, Microsoft Campus Agreement, Shibboleth, more...

Policies

Acceptable Use (AUP), IT Security, IT Strategic Plan, Disabled Access Computing Policy, more...

System Status

Bridges Status, CNS Reported Issues, Gatorlink Mail, ISIS, Outgoing Mail, Network Status, Webadmin Sites, Webmail

Training

Students, Faculty, Staff, Other Resources

Topics of Interest

Charging for Dial Up Services, Gatorlink Eligibility, Email/Gatorlink Configuration, Connecting to UF , IT Reports

Text-only Version

Search:

OIT Site UF Web with Google UF Phonebook

OIT Units | Services | Committees | Projects | Policies | Training

© University of Florida, Gainesville, FL 32611; (352) 392-1301. Privacy Policy
For Gatorlink/Technical Issues - UF Help Desk - (352) 392-HELP (4357)
Webmaster -

This page was last updated Friday June 13 2008

This page uses Google Analytics (Google Privacy Policy)