Page 29 - Information_Security_Program

BUSINESS CONTINUITY [DP290]

        Scope: Enterprise
        Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security, IT Staff
        Purpose: To recover the operations of the organization in the event of a catastrophic event at one or more key facilities.
        External Regulation or Standard: 45 CFR 164.310(a)(2)(i) ‐ Facility Access Control

         Who is Responsible    Statement    Policy, Standard, or Procedure Statement
                                Number
         Chief Financial Officer   DP290.1   Oversee the organization's business‐continuity and disaster‐recovery objectives.
         and Director of
         Information
         Technology, Privacy
         and Data Security
         Chief Financial Officer   DP290.2   The organization will maintain plans to recover its business operations and
         Director of Information            information systems following disastrous events.
         Technology Privacy
         and Data Security
         Chief Financial Officer   DP290.3   The organization's BC/DR plans will describe the roles, responsibilities, and procedures
         with Director of                   for restoring an information system and related business processes after a disruption
         Information                        or failure.
         Technology, Privacy
         and Data Security
         Executive Leadership   DP290.4     The Executive Leadership Team will provide the Chief Financial Officer, Director of
                                            Information Technology, Privacy and Data Security with the recovery time objectives
                                            for its critical information systems and business processes.
         Chief Financial Officer   DP290.5   The organization's BC/DR plans will ensure recovery environments provide an
         with Director of                   equivalent level of security as production environments.
         Information
         Technology, Privacy
         and Data Security

         Chief Officers,        DP290.6     The organization will train employees on their roles in the execution of its BC/DR
         Directors and                      plans.
         Managers
         Chief Financial Officer   DP290.7   The organization will regularly test the readiness of its BC/DR plans, at a frequency
         with Director of                   commensurate to system criticality.
         Information
         Technology, Privacy
         and Data Security
         Chief Financial Officer,   DP290.8   The organization will take corrective action based on the results of its BC/DR tests.
         Director of Information
         Technology, Privacy
         and Data Security, IT
         Staff and appropriate
         Directors and
         Managers

         Chief Financial Officer   DP290.9   The organization will update its BC/DR plans at a frequency commensurate to system
         with Director of                   criticality.
         Information
         Technology, Privacy
         and Data Security

        GES CONFIDENTIAL