Backup and Disaster Recovery
Potential disasters could be any major loss of data, due to hardware, software or personnel failure. They could also be in the form of a natural disaster.
Governing UH Policy
Manual of Administrative Policies and Procedures (MAPP):
Computer User Responsibilities
MAPP Policy: 10.03.01
SECTION: Information Technology
AREA: User Guidelines and Responsibilities; Security
SUBSECTION: IV (Security Responsibilities)
Computer and Network Security
MAPP Policy: 10.03.02
SECTION: Information Technology
AREA: User Guidelines and Responsibilities; Security
SUBSECTION: IV (Security Responsibilities)
University of Houston System, System Administrative Memoranda (SAM):
Risk Management Policy
SAM Number: 01.C.01
SECTION: General Administration
AREA: Risk Management
UH Emergency Management Manual
Emergency Management Plan (PDF, 167 KB)
IT Practices and Guidelines
A. Risk Assessment
Risk management is an evaluation of the adequacy of management controls in assuring the integrity, accuracy, and availability of college and division services. This is primarily a business decision, not constrained by an IT focus, evaluating the risk of inaction versus the cost of action to reduce risks (real or perceived). Risk management enables sound judgment when taking risks and affords a level of contingency planning should a risk become a reality.
Understanding risks to university assets is the starting point of a risk management process. Once the risks are understood, sound decisions on whether to accept, mitigate, or transfer those risks can be made. Therefore, risk management can be defined as a systematic process for identification, analysis, control, and communication of risks that is integrated into the normal business processes of the college or division.
This process entails identifying business assets, their associated value, their associated vulnerabilities, and the ability of the organization to anticipate and act on exposures that significantly impact the organization.
B. Business Continuity/Disaster Recovery
Each College and Division should have a Business Continuity plan based on the following criteria:
- A determination of the maximum time that can be tolerated without the service(s) provided by the system.
- An identification of all of the threats to the system, such as:
  - Program or Data Failure.
  - Hardware Failure.
  - Electrical Power Failure.
  - Fire.
- Formulation of Contingency Plans for restoring services within the acceptable time. Security and Disaster Recovery can give advice on risk management and contingency planning.
C. Data Integrity/Backup and Recovery
Backups of all College and Division-critical data should be made at least once per working day.
The backup regimen should meet the following criteria:
- Enable recovery to at least the start of business on any weekday of a failure.
- Provide at least one more level of backup to a previous time, to cover the case of the failure of the primary backup media.
- There should be offsite storage of backup media to enable a full data recovery to no earlier than one working week. Iron Mountain is used to store backups off-site for enterprise systems.
- There should be an audit of backup media at least once every six months.