Disaster Recovery

• Every RIT organizational unit should identify all critical processes/functions for which they are the process/function owner. Departments may use the continuity system for this purpose by coordinating with the Business Continuity Office.
• For each critical process/function, departments will assign a Recovery Time Objective (RTO). An RTO is the minimum acceptable time a technology resource that is used to complete a process/function can be unavailable. Alternate methods of performing the process/function may be employed while the technology resource is being recovered.

• Departments are responsible for identifying the technology resources that support each critical process/function. These resources include applications, software, hardware, and network (voice and data).
• Departments should identify IT and other organizations supporting critical processes/functions.

Departments should identify RIT electronic and non-electronic information created, used, and/or stored for each critical process/function.

Departments may use the recovery planning system for documenting critical processes/functions, RTOs, technology, IT Departments, RIT information, and RPOs by coordinating with the Business Continuity Office, or may use the form located at http://www.rit.edu/fa/buscont/. Forms should be provided to the Business Continuity Office for entry into the recovery planning system.

To the extent possible, departments should establish contingency plans to continue critical business functions/processes to be used when normal mechanisms are unavailable.

•  Process/function owners should identify training requirements and determine appropriate training procedures.
• Training will include restoration and recovery procedures to return the process/function to its pre-disaster state.
• Departments should cooperate with supporting IT and other organizations to test restoration and recovery procedures on a periodic basis determined by the Divisional VP or Provost (Information Trustee).

• Process/function owners should review all processes/functions and evaluate their criticality annually.
• Process/function owners should incorporate all new critical processes/functions into the Disaster Recovery Plan.

 IT organizations will retain an inventory of services in the Recovery Planning System that support critical processes/functions.

IT organizations and business process owners will develop, maintain, and test backup and recovery/ restoration procedures services (frequency of testing to be determined by process owner, IT organization, and contractual obligations) that support critical processes/functions to support academic/business unit recovery and disaster recovery.

• IT organizations should determine an alternate site for back-up and recovery/restoration activities.
• Back-up and recovery/restoration activities should occur in a physically, environmentally, and logically secure location in compliance with RIT information security policies and standards.