Policy 9.00: Disaster Recovery

Disaster recovery planning and the capability for implementing recovery are required for all critical (as defined by a Business Impact Analysis [BIA]) information, technology infrastructure, applications and their peripheral support activities.

REFERENCE:

Tennessee Code Annotated, Section 4-3-5501, effective May 10, 1994.

OBJECTIVES:

1.    Ensure that all critical information systems can be recovered in the event of a disaster which disrupts any of the data center facilities of the State.

2.    Provide the capability to continue processing critical infrastructure and information systems, regardless of their physical location, in the event of a disaster.

3.    Define the responsibilities of Strategic Technology Solutions (STS), agency information system management staff, where applicable, and agency business management staff in the development of a disaster recovery plan for critical information systems.

SCOPE:

The policy applies to executive, legislative, and judicial branch critical, agency-specific and statewide infrastructure and information systems, regardless of hosting location.

IMPLEMENTATION:

Department of Finance & Administration, Strategic Technology Solutions

1.    Develop a disaster recovery awareness program.

2.    Develop and recommend to agencies, the standards, procedures and guidelines necessary to assure recovery capabilities for infrastructure and information systems used by the State.

3.    Define the procedure for declaring a disaster.

4.    Develop and disseminate the BIA process that is used to determine criticality and prioritization criteria for an application to be defined as critical.

5.    Provide an ongoing technical review of disaster recovery aids, tools, techniques and other methods to meet ongoing disaster recovery requirements.

6.    Provide for an administrative review of disaster recovery considerations in light of technical, environmental, procedural or statutory changes which may occur.

7.    Provide management and technical consulting support to agencies in fulfilling their disaster recovery roles.

8.    Develop STS recovery procedures that agencies can use as guidelines in developing and testing their disaster recovery plans.

9.    Develop and maintain the disaster recovery plan for STS managed infrastructure and information systems.

10. Provide a centralized disaster recovery coordinator to help facilitate exercises and events.

Agency Business Management Staff

1.    Ensure that appropriate staff participate in disaster recovery awareness and training.

2.    Ensure appropriate staff develop and maintain the BIA.

3.    Responsible for supporting the development of the agency's individual plan(s) to recover their critical information systems.

4.    Develop a disaster recovery process to annually review and test a sample of agency applications.

5.    Designate an agency disaster recovery coordinator who is responsible for ensuring that the agency's plans will allow it to recover its critical information systems.

6.    Responsible for establishing recovery procedures for the peripheral activities required to continue the agency's critical production tasks.

7.    Ensure disaster recovery language is included in contracts for vendor or contractor-hosted applications.

                Approved – 10/07/2021 - Information Systems Council