Review: Standards Op.(hosts) and disaster recovery

Back to IT Policy Task Force Home


Review: Standards: Operational (hosts, servers, platforms, etc.); disaster
recovery & risk mgmt

The policy need systems life-cycle for campus:

There are no policies that specifically cover campus-wide system operations and backup standards.

Business office has a Info. System and security Policy’s for BAO users and deals more with Privacy Act. Also points how to dispose desktop an server info that has outlived its purpose. (Storage, archiving and recovery is mentioned) BAO System Policy

Through Server registration page, policies can be linked eg.
WMU Server Reg Policy templates.
UO IP Request could do provide link to host policies and configurations. This step will ensure the responsible admins check against provided policies
Information Services has a general purpose info page for computer security.
UO General Machine Security

Creating standards that campus admins should use will help secure the systems in the installation stage.
eg. PennState Server Sec Policy
References to benchmarks can also be included as resources.
CIS Security benchmark and NSA’s security config
guides

Server Backup and recovery. Some colleges have a good backup and recovery policy that we could include in our policy guidelines.
Penn State Backup Policy and Penn State IDTR

Decommisioning the system A good start for a policy on retiring systems UO’s Surplus instruction

===
additional comment:
look at Joe’s homepage
esp. additional business continuity/disaster recovery info


Back to IT Policy Task Force Home