MUSC Policy MUSC-xx: Information Security - Contingency Plan


Definitions:

Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.

Policy:

The designated Owner of each MUSC information system is required to develop and maintain a contingency plan for the system, to include policies and procedures for handling disasters and other types of emergencies that might disrupt the operation of the system and/or interrupt access to its information by authorized users. The depth and breadth of the contingency plan, and the degree of detail and testing required, should be determined by ongoing risk assessments, by business continuity requirements (including applications and data criticality analysis), and by legal and regulatory requirements.

Contingency plans should encompass backup procedures, restoration and recovery procedures, and emergency mode operations procedures. Contingency plans should be periodically tested, and should be revised as needed in response to environmental, operational, policy or regulatory changes.

Designated System Owners should coordinate the development of their contingency plans with their Entity IACOs, who should ensure that the procedures documented in these plans are available to the persons responsible for their implementation.

Sanctions:

Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.

See Also:

MUSC Policy MUSC-xx: Information Security
MUSC Policy MUSC-xx: Information Security - Risk Management

References:

HIPAA Security 164.308(a)(7)(i) Standard: Contingency plan
HIPAA Security 164.308(a)(7)(ii)(A) Data backup plan
HIPAA Security 164.308(a)(7)(ii)(B) Disaster recovery plan
HIPAA Security 164.308(a)(7)(ii)(C) Emergency mode operation plan
HIPAA Security 164.308(a)(7)(ii)(D) Testing and revision procedures
HIPAA Security 164.308(a)(7)(ii)(E) Applications and data criticality analysis

$Id: contingency-plan.html,v 1.6 2004/12/10 19:45:52 gadsden Exp $