If you or your unit are responsible for mission critical systems or applications, or you manage or contract for systems or machines that store sensitive university data classified as Restricted, High, or Moderate, you are required by Disaster Recovery Planning and Data Backup for Information Systems and Services (DS-12) to develop and maintain a disaster recovery plan. Specific requirements vary depending on the service tier criticality levels of the affected systems or applications and the classification levels of the data.
Begin with Backups
To recover data and systems after a disaster, you must maintain regular backups. You will need a plan that outlines what you will back up, how frequently you will make backups, and more. You can use U-M backup services or develop your own. See Back Up U-M Data.
Develop and Document Your Plan
Information Assurance provides guidance for determining the scope of required planning and templates to help ensure everything is covered. See Create a Disaster Recovery Plan.
Test and Maintain Your Plan
Once you have a completed disaster recovery plan, you must regularly review, update, and test it. See Maintain Your Disaster Recovery Plan.
Know Your Role and Responsibilities
- U-M Unit and Executive Leadership: Ensure sufficient financial, personnel, and other resources are available for the successful creation and ongoing maintenance of unit DR plans.
- Unit IT Leader(s) and/or Security Unit Liaisons:
- Identify mission critical systems, data, and applications. Determine service tier criticality levels (platinum, gold, silver, or bronze).
- Maintain adequate data backup and restoration processes for mission critical data and the IT systems assigned to them.
- Develop, implement, maintain, and test disaster recovery plans.
- Work with unit IT to review and test disaster recovery plans at least annually or whenever significant system architecture or personnel changes occur. Brief unit leadership on the status of disaster recovery efforts and resource needs.
- Work with U-M Procurement Services to ensure that contracts or Service Level Agreements (SLAs) with third party vendors that maintain or have access to mission critical systems, applications, or data classified as Restricted or High include disaster recovery and data backup provisions.
Applicable University Policies
You are responsible for complying with the policies and standards below. The requirements on this page help you meet that responsibility.