Business continuity planning is the process of preparing for the unexpected. The result is a plan to respond to partially or completely interrupted access to information and information technology initiated by various causes such as natural disaster, accident, equipment failure, or malicious activity. The goal is to ensure the availability of critical information resources and continuity of operations. An information and IT related business continuity plan should be based on risk and focus on key information and information technology assets in the context of business needs. Business continuity planning will promote the rapid recovery of the university in the face of an adverse event, minimize the impact of such events, and improve university's ability to cope with the unexpected.
Safeguards for Domain 11 Information Security & Privacy Program
Include information security and privacy in the business continuity management process
Ensure that information security and privacy is included in any overall business continuity process.
University Emergency Management & Continuity assists campuses and units in creating a resilient and prepared university community.
Business Continuity Planning includes steps that address information security as part of the overall business continuity planning process.
IU Ready, via one.iu.edu includes tabs specifically related to IT to prompt campuses and units to plan for information security and privacy in the overall business continuity process.
Identify events that can cause interruptions
Information security aspects of business continuity should be based on identifying events that can cause interruptions to the business, including theft, fire, natural disasters, etc.
IU Ready, via one.iu.edu, leads units through a business continuity planning process that includes the identification of events that can cause interruptions and their consequences for information security and privacy.
Develop and implement continuity plans
Plans should be developed and implemented to maintain or restore operations and ensure availability of information as determined necessary.
Section 5 of the Business Continuity Planning Checklist includes steps that address developing a continuity plan, and section 9 includes steps that address maintaining the plan.
Business continuity planning framework
A single framework should be maintained to ensure all plans are consistent and address information security and privacy requirements.
IU Ready, found on one.iu.edu, provides a common framework for departmental business continuity plans.
Testing, maintaining, and re-assessing plans
Plans should be tested and updated regularly.
Emergency Management & Continuity assists the university community in testing, maintaining, and re-assessing plans.
Summary of domain objectives
The primary objectives of this domain are to ensure:
- Minimize interruptions or the impact of interruptions to university operations
- Protect information and information assets from the effects of all levels of failures or disasters
- Ensure timely resumption of operations.
Supplemental resources
- IU Business Continuity Resource Planning
- Business Continuity Management | EDUCAUSE/Internet2 Information Security Guide