University Policies

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Raghu, Rachana

Saved on

compared with

New Version 2

changes.mady.by.user Raghu, Rachana

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Title: Relocation Expenses
Subject: Finance 
Policy No: FA: 2014: XX 
Applies: University-wide 
Issuing Authority: President (signature)
Responsible Officer: Senior Vice President for Finance and CFO 
Adopted: 10/2003
Last Revision: 8/2013
Last Reviewed: Dec 29, 2014

BUSINESS CONTINUITY MANAGEMENT POLICY

 

Title: Business Continuity Management Policy

...


This policy applies specifically to all employees, Deans, officers and directors of the University. Furthermore, management's accountability extends to ensuring all aspects of its Business Continuity Management's activity incorporate third party service providers and vendors.

IV. DEFINITION(S)

 

  1. Business Interruption - an event, whether anticipated or unanticipated, which disrupts the normal course of business operations within the university.

...

Ranking

Criteria

High

Business functions are critical and must be recovered quickly (0-
6hrs Maximum Downtime Tolerance).
Failure of business functions would have a significant operational,
financial and/or reputational impact on The University.
Business functions are sensitive to interruptions and contain
intricate and complex procedures and processes with multiple
points of failure.
Heavy reliance on systems and/or external service providers.

Medium

Business functions are moderately critical and recovery
requirements are less demanding (7-48hrs Maximum Downtime
Tolerance).
Failure of business functions would have a moderate operational,
financial and/or reputational impact on The University.
Business functions are less sensitive to interruptions and experience changes less frequently.
Moderate reliance on systems and/or external service providers.

Low

Business functions are of low complexity and recovery timeframes
could be lengthy (>48hrs Maximum Downtime Tolerance).
Outages would have a minimal operational, financial and/or
reputational impact on The University.
Business functions have minimal dependency on systems and/or
external service providers.

 

Recovery Strategy and Plan

...

The Information Security Office (ISO) will monitor and report on the status of university-wide business continuity management activities, plans, protocols and testing to each Dean and the Executive for each business unit on a periodic basis.
Additionally, the ISO will provide regular reporting to the Board Risk Committee regarding the state of the University's Business Continuity Management Program and preparedness.

V. Roles and Responsibilities

...


Deans and Business Units
All areas are to ensure that faculty, staff, and management are familiar with incident protocols for emergencies and business disruptions. Deans and Executive management is to ensure compliance to this Business Continuity Management Policy and its supporting standards and guidelines.

Anchor
_GoBack
_GoBack

Information Resources and Technology (IRT)
IRT is responsible for supporting the information systems and technology requirements of business management's Business Continuity Management activities. This includes supporting the development and implementation of appropriate strategies to recover infrastructure platforms and restore critical applications consistent with business management's continuity and recovery objectives.
IRT is also responsible for overseeing the creation, execution, and testing of a formal Disaster Recovery (DR) Plan and activities related to the systems and infrastructure it supports on behalf of the businesses.
Information Security Office (ISO)
The ISO is responsible for the oversight of university-wide Business Continuity Management and for making appropriate recommendations to the Board Risk Committee regarding BCP and DR strategies and activities.
Legal
Upon engagement by the sponsoring business, Legal supports the risk management objectives of this policy by providing advice and support with contracts impacted by this policy
VI. NON-COMPLIANCE AND SANCTIONS
Violations of this policy may subject the violator to disciplinary actions, up to or including termination of employment or dismissal from a school, and may subject the violator to penalties stipulated in applicable state and federal statutes. Sanctions shall be applied consistently to all violators regardless of job titles or level in the organization.
By Direction of the CIO:

_________________________________
Mira Lalovic-Hand,
VP and Chief Information Officer