RCIT-04 Disaster Recovery
|
Policy Title: |
RCIT Reeves County DISASTER RECOVERY POLICY |
|||
|
Policy Number |
RCIT-04 |
Effective Date: |
09/01/2022 |
|
|
Purpose: |
Recovery of Systems and Data |
|||
|
Regulation Reference |
|
Rev: 1.202204 |
||
RCIT Reeves County DISASTER RECOVERY POLICY
Policy Statement:
Recognizing the critical importance of data as a key asset, Reeves County IT Department maintains robust data backup and recovery processes to ensure the swift and effective restoration of data lost due to system hardware issues. This policy, in conjunction with Reeves County IT Department's Data Backup Policy (reference: 4.1.4), aims to safeguard against data loss events.
A comprehensive Business Continuity – Disaster Recovery Plan is centrally maintained at Reeves County IT Department's corporate headquarters. This plan delineates procedures for various disaster scenarios, ensuring a coordinated and effective response to incidents that surpass the scope of normal working operations.
Guidelines:
Disasters are categorized into two types for IT purposes: on-site recoverable disasters and off-site required recoverable disasters.
1. On-Site Recoverable Disaster:
- Involves data loss from on-site systems due to accidental user deletion or component failure.
- Remediation typically occurs on-site by recalling the most recent backup data or replacing the failed component.
2. Off-Site Required Recoverable Disaster:
- Involves situations like natural disasters (e.g., hurricanes) where personnel lose access to affected areas.
- Reeves County IT Department must recover its systems and continue operations off-site.
For the purpose of this policy, disaster recovery incident operations encompass activities related to restoring systems services, management and user communications, mitigation of ongoing disasters, and follow-up activities.
Disaster Recovery Management Involves:
- Identifying critical and secondary systems based on risk assessment.
- Establishing baseline recovery time capabilities and objectives.
- Maintaining and testing disaster recovery capabilities regularly.
- Identifying gaps between current and required capabilities for system recovery.
Resilience and Redundancy:
- Reeves County IT Department employs resilience across data centers, with each data center capable of providing operating services in case of the loss of a single data center.
- Disaster recovery is integral to critical system architecture.
A. Disaster Recovery System Tiers and Recovery Objectives:
|
Tier |
Description |
Recovery Objective |
|
1 |
Critical systems supporting IT services |
Maximum RTO of 24 hours |
|
2 |
Non-critical systems for RC operations. |
Design maximum RTO of 72 hours. |
|
3 |
Non-IT Department incidents affecting RC offices or facilities. |
Incident-specific recovery |
B. Testing:
- Regular testing and updating of the Disaster Recovery Policy and associated plans ensure currency and effectiveness.
- System level testing, including hardware, is conducted periodically to verify operational integrity.
C. Policy Administration and Enforcement:
- Administered by the Reeves County IT Department IT Department.
- The Director of Information Security oversees the collection, management, and distribution of the policy.
- System managers and administrators are responsible for implementing and maintaining procedures.
- Violations may lead to disciplinary actions, including access restrictions, termination, and legal consequences.
This policy underscores Reeves County IT Department commitment to disaster preparedness and data resilience, ensuring the continuity of critical services even in challenging circumstances. Users are expected to adhere to these guidelines to safeguard information systems effectively.