Disaster Recovery | Policies

TC Web Authentication
Welcome!Log In

Disaster Recovery

Details requirements to ensure the continuity and recovery of the College’s business following the loss of critical systems.

Owner: Information Technology

Purpose

Teachers College, Columbia University (the College) requires adequate protections to be established to assure the continuity and recovery of the College’s business following the loss of critical Systems (a “Key Business System”).  This policy defines acceptable methods for business continuity and disaster recovery planning, leveraging a risk-based analysis in order to prepare for and maintain the continuity of the College operations in case of the loss of a key business system. 

 

Each college department that maintains or is responsible for a mission critical system or service must have a disaster recovery (DR) plan that documents the critical recovery functions and tasks that can be executed to enable mission critical system recovery following a significant event or disaster.

 

Scope

This policy applies to all students, staff, faculty members, officers, employees, and affiliates of Teachers College, Columbia University, including extended learning sites, guests, tenants, visitors, contractors, consultants, vendors, individuals authorized by affiliated institutions and organizations, and all others granted use of and/or access to Teachers College, Columbia University technology resources and data.

 

Policy

This policy is subordinate to the College’s Business Continuity Plan, which prescribes that functional areas that serve as stewards of College IT systems must have documented Disaster Recovery (DR) plans. Supervisors are responsible for briefing staff on their roles and responsibilities related to DR planning, including developing, updating, and testing plans. Business units are responsible for ensuring sufficient financial, personnel, and other resources are available as necessary to maintain technological DR.

 

The following disaster recovery maintenance activities must be conducted periodically:

  • Review the DR objectives and strategy
  • Audit systems access and roles
  • Update documented DR plans
  • Update the internal and external contacts lists
  • Conduct a DR simulation/tabletop exercise
  • Conduct a DR telecommunication exercise
  • Conduct a recovery test in partnership with TCIT
  • Verify the alternate site technology, if applicable
  • Verify the hardware platform requirements, if applicable

 

Disaster Recovery Plan Requirements

 

Each department’s disaster recovery plan should include the following:

 

I. Contingency Plan

 

A Contingency Plan that details actions to be taken when hardware, software or networks become critically dysfunctional or cease to function (short term and long term outages). This Plan should include an explanation of the magnitude of information or system unavailability in the event of an outage and the process that would be implemented to continue operations during the outage. In addition, the feasibility of utilizing alternative off-site computer operations should be addressed.  Specifically, the Contingency Plan must include:

 

  • An Emergency Mode Operations Plan for continuing operations in the event of temporary hardware, software or network outage.  This Plan should contain information relating to the end user process for continuing operations.
  • A Recovery Plan for returning functions and services to normal on-site operations when a disaster is over.
  • A procedure for periodic testing, review and revision of the Contingency Plan for all affected systems, as a group and individually as needed.

 

II. Data Backup Plans

 

The Data Backup Plan should define the following:

 

  • Who is responsible for taking reasonable steps to ensure the backup of University Data, particularly Sensitive Data and Confidential Data;
  • A backup schedule;
  • The Key Business Systems that are to be backed up;
  • Where backup media is to be stored and workforce members who may access the stored backup media;
  • Where backup media is to be kept secure before it is moved to storage, if applicable;
  • Who may remove the backup media and transfer it to storage;
  • Restoration procedures to restore Key Business System Data from backup media to the appropriate System;
  • Test restoration procedures and frequency of testing to confirm the effectiveness of the Plan;
  • The retention period for backup media; and
  • A method for restoring encrypted backup media, including encryption key management.

 

For assistance with the development of a disaster recovery plan, please contact TCIT through the Service Desk.

 

Responsible Office: Teachers College Information Technology

Effective Date: February 1, 2021

Last Updated: January 15, 2021

If you have questions or comments about the Policy Library, please send them to  policies@tc.edu.

Back to skip to quick links