Reliable disaster recovery plans are needed to ensure each university unit is ready and able to sustain vital operations in the aftermath of a disaster or extended disruption to normal operations.
A well-thought-out disaster recovery plan contains detailed instructions on how to recover and restore systems and data in response to unplanned incidents. Effective plans will identify specific actions to take before, during and after a disaster to ensure efficient restoration of required services.
The most important inputs into a business continuity and disaster recovery plan result from conducting a business impact analysis (BIA), which identifies the critical business processes, such as payroll, distance learning and research systems, that must continue to operate even during a disaster or extended disruption.
Once the operational and financial impact of a disruption is understood, units can begin prioritizing their business, academic and research needs to identify the vital services that must remain available and the critical assets that must be protected. The core results of a BIA identify and prioritize what needs to be recovered and the timeframes for restoring necessary capabilities to an acceptable level.
Disaster recovery plans and business impact analyses are to be reviewed and updated as needed every three years. Annually, each university unit will be required to conduct a disaster recovery test exercise to identify lessons learned and areas of improvement that should be included in its disaster recovery plan. The exercise is an opportunity to run through a mock disaster, fine tune preparation and response capabilities and build confidence for responding to an actual emergency.
Business Impact Analysis Process
Identify Vital Services
Identify required IT systems and services and impact to essential business functions if unavailable
Assess Risks
Assess threats and vulnerabilities that could disrupt vital IT systems and services
Prioritize Recovery
Determine recovery time and objectives and group similar recovery requirements in tiers
Settle Scope
Finalize essential business functions and IT systems and services that must be recovered
Resources
University Information Security Policy
Framework of minimum standards and best practices for the security of data and IT resources at FSU
University Information Privacy Policy
FSU commitment concerning the use and control of protected or private information at FSU
IT Disaster Recovery and Backup Data Policy
Guidance for the continuity, restoration and recovery of critical FSU data and systems in response to natural and man-made disasters
Florida Statutes | Emergency Management
Florida statute requirements for disaster-preparedness plans
Support
If you have questions or need assistance with Disaster Recovery, please contact its-bia@fsu.edu.
