Purpose
Teachers College, Columbia University (the College) requires adequate protections to be established to assure the continuity and recovery of the College’s business following the loss of critical Systems (a “Key Business System”). This policy defines acceptable methods for business continuity and disaster recovery planning, leveraging a risk-based analysis in order to prepare for and maintain the continuity of the College operations in case of the loss of a key business system.
Each college department that maintains or is responsible for a mission critical system or service must have a disaster recovery (DR) plan that documents the critical recovery functions and tasks that can be executed to enable mission critical system recovery following a significant event or disaster.
Scope
This policy applies to all students, staff, faculty members, officers, employees, and affiliates of Teachers College, Columbia University, including extended learning sites, guests, tenants, visitors, contractors, consultants, vendors, individuals authorized by affiliated institutions and organizations, and all others granted use of and/or access to Teachers College, Columbia University technology resources and data.
Policy
This policy is subordinate to the College’s Business Continuity Plan, which prescribes that functional areas that serve as stewards of College IT systems must have documented Disaster Recovery (DR) plans. Supervisors are responsible for briefing staff on their roles and responsibilities related to DR planning, including developing, updating, and testing plans. Business units are responsible for ensuring sufficient financial, personnel, and other resources are available as necessary to maintain technological DR.
The following disaster recovery maintenance activities must be conducted periodically:
Disaster Recovery Plan Requirements
Each department’s disaster recovery plan should include the following:
I. Contingency Plan
A Contingency Plan that details actions to be taken when hardware, software or networks become critically dysfunctional or cease to function (short term and long term outages). This Plan should include an explanation of the magnitude of information or system unavailability in the event of an outage and the process that would be implemented to continue operations during the outage. In addition, the feasibility of utilizing alternative off-site computer operations should be addressed. Specifically, the Contingency Plan must include:
II. Data Backup Plans
The Data Backup Plan should define the following:
For assistance with the development of a disaster recovery plan, please contact TCIT through the Service Desk.
Responsible Office: Teachers College Information Technology
Effective Date: February 1, 2021
Last Updated: January 15, 2021