Policy Redesign Project

All policies and procedures are being reviewed as part of this project. This document is pending review, but remains in effect until the review is carried out.

IT Disaster Recovery Policy

Establishment: Vice-Chancellor, 5 December 2014
Last Amended:  
Nature of Amendment:  
Date Last Reviewed:  
Responsible Officer: Director, Information Technology Services

1.  Objective

The objective of this policy is to ensure the development and maintenance of IT Disaster Recovery for IT System Assets that support critical functions of the University. The policy ensures the University is able to continue to deliver services in the event of a serious disaster or incident by defining a framework that enables:

  • Risk reduction in the event of a disaster or serious incident;
  • Availability of IT systems required to support critical University processes to agreed levels;
  • Compliance with regulatory requirements;
  • Integration with University Business Continuity polices and processes; and
  • A responsible approach to protect the interests of University stakeholders, policyholders, business partners, and suppliers.

This policy is written to be consistent with the Information Security Standards AS/NZS ISO/IEC 27001:2006 and AS/NZS ISO/IEC 27002:2006.

2.  Scope

The policy is applicable to all software applications and IT System Assets that support the University across all faculties, schools and divisions hosted internally by the University or externally.

3.  Definition

  • IT System Assets includes information, the computer systems that support business and control functions, networks and communication links, business applications and programs, and all forms of electronic storage media.

4.  Policy Principles

Information Technology Services is accountable and responsible for the development of an IT Disaster Recovery Plan that ensures the recovery of critical systems and services in a timely manner.

IT Disaster Recovery plans must be:

  • Consistent with the University’s continuity of operations principles and Risk Management Policy;
  • Integrated and aligned with the Emergency Management Plan and Business Continuity Plan to reflect the University’s needs;
  • Developed following an approved Disaster Recovery Planning process;
  • Periodically tested (at minimum on an annual basis);
  • Properly maintained and audited;
  • Communicated to all relevant stakeholders;
  • Aligned to business/operational needs; and
  • Have an owner formally appointed.

IT Disaster Recovery should be developed and maintained in line with a defined IT Disaster Recovery Framework, which will inherently achieve the above requirements.

Director, Information Technology Services is responsible for:

  • Overseeing the maintenance and development of the IT Disaster Recovery function at Flinders University.
  • Ensuring that IT Disaster Recovery procedural and technical controls are adequately specified and resourced;
  • Ensuring members of the University Executive and Council are aware of IT Disaster Recovery in the wider context of risk management of the University;
  • Monitoring the effectiveness of IT Disaster Recovery provisions.

5.  Related Documents

This policy should be read in conjunction with other relevant University policies, including:

Information Security Policy

IT Acceptable Use Policy

Risk Management Policy