YALE-MSS-3.1: Create a Disaster Recovery Plan

Standards Group:
YALE-MSS-3: Disaster Recovery (DR)

YALE-MSS-3.1: Create a Disaster Recovery (DR) Plan

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Not Required Moderate Risk Server Not Required High Risk Server Upcoming Required for HIPAA Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

Creating a DR plan organizes the information you need during a disaster. This allows you to restore the IT system within its specified availability requirement.

A DR plan is a step-by-step procedure to restore an IT system. This can be in the event of:

  • A component loss (e.g. a single server or database)
  • A facility loss (e.g. a data center or distribution room)

Please note that steps in a DR plan may require a coordination of actions from a variety of people or groups.

A complete DR plan includes, but is not limited to:

  • What personnel are affected if the system goes down
  • How to communicate with affected personnel
  • How support is recevied from other Yale staff or vendors
  • An understanding of the IT systems that need to be available first in order to execute the DR plan
  • Confirmation that the steps in the DR plan will completely restore the system within the defined availability requirement
  • How to make a determination that the IT system is healthy following a restoration
  • How to recover data to meet recovery requirements
  • What to do if the subject matter expert is not available
  • Named backups to the subject matter expert, if unavailable

All team members should review the plan to minimize potential mistakes.

Additional information on availability requirements can be found on the Availability Requirement Guideline page.

Controls