OIT

UF IT Security Continuance of Operations Standards

The Level 2 Unit ISM must ensure that their unit maintains an Information Technology Continuance of Operations Plan (ITCOP). There must be written plans detailing procedures for various disaster scenarios, both natural and man made. To guard against disaster, critical IT resources must be preserved against loss or corruption by appropriate backup procedures.

The Level 2 Unit ISA has the responsibility to coordinate with the campus emergency response team as appropriate regarding preparation and recovery from incidents.

Continuance of Operations Guidelines

University of Florida units are required to maintain a written IT Continuance of Operations Plan (ITCOP).  This document is intended as a guideline to help simplify the development of a Unit ITCOP.

Since the ITCOP contains sensitive information about unit IT resources, the plan should not be advertised, but it must be made available to the UF ISM upon request.

Include the unit name in the plan title.  Identify the network managers, the unit administrator and list their contact information.

It is not necessary that units include everything listed here, but they should include those things that are relevant to IT functions of their unit.

Components of ITCOP

Cover Sheet: identification, dates, locations, disclosure statement
Overview: executive summary, policies, concepts
Introduction: purpose, goals, objectives, benefits
Scope: what IT resources does the ITCOP address
Contacts and Responsibilities
Resources: documentation
Risk assessment: value, criticality, threats, replacement costs, acceptable downtimes
Preparation: monitoring, backups, training, testing
Recovery: what constitutes a disruption, procedures
Revisions: environmental changes, test results, revision schedule

ITCOP cover sheet

Unit name
Unit ISM
Unit ISA
Date Established
Date of Last Revision
Distribution list
Locations of document
Sensitive Information Disclosure Notice

Overview

Executive management perspective
Policies
Plan concepts
What constitutes a disruption
Summary of ITCOP

Introduction

Purpose
Goals
Objectives
Benefits

Scope

IT resources addresses by ITCOP

Contacts and Responsibilities

ITCOP Activation Authority
ITCOP Coordinator
Resource contact(s)
Alerting/monitoring contact(s)
Training contact(s)
Testing contact(s)
Update contact(s)
PPD/Facilities contact
Emergency Building Coordinator contact
UPD contact
Key management contact
Other physical security contacts
Other contacts

Resources

Resource types

People
Data
Equipment and hardware
Software
Processes
Service Providers
Buildings and Facilities

Resource documentation details

Location
Description
Value
Criticality

Resource considerations

Data backups
Power backups, batteries and generators
Replacement resources
Warranty records
Maintenance contracts
Vendor managed resources
Environmental controls

Risk assessment

Prioritize IT resources
Assess the value and criticality of IT resources
Determine threat to IT resources
Assess cost to replace IT resources
Determine acceptable downtime of IT resources

Preparation

Alerting/monitoring
Maintenance contracts that need to be maintained
Data backup procedures

Location
Frequency
Incremental vs. full
What is backed up

Privileged passwords maintenance and recovery
Power backups
Training

Team
Scope
Schedule
Procedures

Testing

Team
Scenario
Schedule
Monitoring
Follow-up

Recovery: A prioritized business resumption task list based on type of event (facilities, personnel, IT services, IT equipment failures or loss). What needs to be done (damage assessment, notification procedures, ITCOP activation), when, where, and how.

1. Establish communication
2. Notification
   Internal personnel
   Network Services
   Network Managers
   PPD
   UPD
   EHS
   State insurance
3. Damage assessment and documentation
   Photograph scene untouched to document smoke, water, or other damage
   Outsource forensics services if needed
4. Establish basic services
   Networking
   Restore backups
   Relocate equipment
5. Replacements
   Building and facilities
   Staff
   Equipment
   Keys
   Tools
6. Cleanup
   PPD
7. Resumption of services
   Full resumption
   Alternative manual methods for operation
8. Establish communication
   Phones - forwarding numbers and other configuration options
   Email - establish alternative email accounts for key contact personnel

Revisions

Consider equipment and environmental changes
Consider test results
Establish revision schedule

Top | Home

OIT Units

Chief Information Officer , Academic Technology, Computing and Networking Services , Network Services, Telecom

Services

Students, Faculty, Staff

Committees

IT Advisory Committee, Academic Technology, Data Infrastructure, High-Performance Computing, Network Infrastructure, Information Security Management, Ad Hoc

Projects

UF Exchange, High Performance Computing, AT Grid, Active Directory Project, Microsoft Campus Agreement, more...

Policies

Acceptable Use (AUP), IT Security, IT Strategic Plan, Disabled Access Computing Policy, more...

System Status

Bridges Status, CNS Reported Issues, Gatorlink Mail, ISIS, Outgoing Mail, Network Status, Webadmin Sites, Webmail

Training

Students, Faculty, Staff, Other Resources

Topics of Interest

Charging for Dial Up Services, Gatorlink Eligibility, Email/Gatorlink Configuration, Connecting to UF , IT Reports

Text-only Version

Search:

OIT Site UF Web with Google UF Phonebook

OIT Units | Services | Committees | Projects | Policies | Training

© University of Florida, Gainesville, FL 32611; (352) 392-1301. Privacy Policy
For Gatorlink/Technical Issues - UF Help Desk - (352) 392-HELP (4357)
Webmaster -