IT0128 – Contingency Planning
Objective:
To establish a Contingency Planning Policy for managing the risk of information asset failures and service disruptions though the establishment of an effective contingency planning program. The contingency planning program helps the University implement security best practices with regard to business continuity and disaster recovery.
Scope:
This policy applies to all users of and information technology (IT) resources owned, operated, or provided by the University of Tennessee including its campuses, institutes, and administration (University and/or Campuses).
“Users” includes but is not limited to students, faculty, staff, contractors, agents, representatives, and visitors accessing, using, or handling the University’s information technology resources.
Information transmitted or stored on University IT resources is the property of the University unless it is specifically identified as the property of other parties.
Principles:
The University has chosen to adopt the policy principles established in the National Institute of Standards (NIST) 800 series of publications, and this policy is based on those guidelines.
The Chancellor or equivalent at each Campus must designate an individual or functional position responsible for information security at their Campus (Position of Authority and/or Campus Authority).
The Position of Authority should be at a high enough organizational level to allow him/her to speak with authority on and for the Campus. Each Campus must develop or adopt and adhere to a program that demonstrates compliance with this policy and related standards.
This program is the responsibility of the Position of Authority. Each User of University resources is required to be familiar and comply with University policies. Acceptance of this policy is assumed if a User accesses, uses, or handles University IT resources.
Policy:
All University Information Technology organizations must develop or adopt and adhere to a formal documented contingency planning program that reflects the University’s commitment to ensure the continuity of its mission and operations. Each of these organizations must develop or adopt and adhere to a program, standards, procedures, and controls that demonstrate compliance with this policy and related standards.
All policy related standards and procedures must be consistent with applicable laws, regulations, and guidance. This policy and all associated standards and procedures as well as their implementation effectiveness must be reviewed periodically and updated as needed.
References:
- NIST Special Publication 800-53
- University of Tennessee Statewide Controls Baseline
Last Reviewed: October 14, 2015
Downloadable PDF