Standard 6 - Backup and Disaster Recovery



  1. Backup Plan Requirement. All UNF data, including data associated with research, must be backed up in accordance with risk management decisions implemented by the Data Owner. The University's Office of Internal Audit periodically reviews backup plans for campus units. Each backup plan must incorporate procedures for:
    1. recovering data and applications in case of events such as natural disasters, system disk drive failures, espionage, data entry errors, human error, or system operations errors;
    2. assigning operational responsibility for backing up all servers;
    3. scheduling data backups and establishing requirements for off-site storage;
    4. securing on-site / off-site storage and media in transit, as necessary; and
    5. periodically testing backup and recovery procedures.
  2. Disaster Recovery Plan. Owners of mission critical information resources and of information resources containing confidential data must adopt a disaster recovery plan commensurate with the risk and value of the information resource and a completed Business Impact Analysis. The University's Office of Internal Audit periodically reviews disaster recovery plans for campus units. The disaster recovery plan must incorporate procedures for:
    1. recovering data and applications in the case of events that deny access to information resources for an extended period (e.g., natural disasters, terrorism);
    2. assigning operational responsibility for recovery tasks and communicating step-by-step implementation instructions;
    3. at a minimum, testing the disaster recovery plan and procedures every two years (example: tabletop or scenario testing, leveraging major scheduled upgrades, activating actual service outages in a controlled scenario); and
    4. making the disaster recovery plan available to the Chief Information Security Officer and other stakeholders.
