Disaster Recovery Planning

Yale is committed to ensuring the resilience and recovery of IT Systems and Data from disruptive events, such as cyberattacks, natural disasters, or system failures. To honor this commitment, Yale seeks to implement processes and technologies that achieve the following goals:

• Data Protection: Safeguard data from loss or corruption and ensure data restoration to a usable state.
• Reduce Downtime: Limit the amount of time IT Systems and Data are unavailable after an incident.
• Recovery: Enable a repeatable, dependable process to recover systems and data after an incident.
• Resiliency: Enable Yale to adapt to and recover from unexpected events.
• Maintain Compliance: Adhere to Yale’s Minimum Security Standards (“MSS”) (https://cybersecurity.yale.edu/Mss) and industry standards for IT disaster recovery planning.

This Policy establishes a Disaster Recovery framework for Systems and Data according to their sensitivity and their importance to the functioning of the University. Additionally, this policy operates within two over-arching requirements:

1. First, the Information Security Office (“ISO”) must devise Minimum Security Standards (“MSS”) (https:// cybersecurity.yale.edu/mss) for each class of System and Data and help members of the Yale community implement those or higher standards.
2. Second, members of the Yale community entrusted with Yale Systems and/or Data must understand and apply the Minimum Security Standards (“MSS”) (https://cybersecurity.yale.edu/mss) and be alert to circumstances in which additional security measures might be warranted.

See more details: Draft Yale DR Policy

Developing a Disaster Recovery Plan

Developing a Disaster Recovery Plan 

Create an ITDR Recovery Plan

Where Do I Go from Here?

Login

*If you receive and access denied message on any page, please select the button to request access and a member of the DR team will review.

*If you do not have a side room set up, please email elena.masotta@yale.edu with your team name and team members.

See also: Navigating Veoci as a New User (Video)

Application Criticality Information

The links below provide resources for determining your applications’ Tier, RTO, RPO, Data Classification and External Obligations.

• Disaster Recovery Tiers
• Data Classification Guideline
• Availability Requirement Guideline
• External Obligations Guideline

FAQ

• Who approves the DR Plans?  
  • When the plan is completed, the Plan Owner must approve the plan. The Plan Owner should be the same as the Service Owner in ServiceNow.
• How do I get definitions for Tier, RPO / RTO? 
  • Please reference the following documents for information regarding determining your application’s Tier, RPO & RTO
  • Disaster Recovery Tiers v2.2.pptx
  • Application Tiering capability cheat sheet.docx
• Will DR Tests be done to validate the DR Plans we created?
  • There will be a testing schedule for the year. From there, testing will be done at the request of application owners.
• If I update Service Now when would I expect to see those updates in Veoci?
  • The following business day - There is a daily feed from ServiceNow to Veoci