Major Revisions to the Policy on IT Recovery

To: UC Santa Cruz Community

From: Van Williams, Vice Chancellor Information Technology Services and Brian Hall, Chief Information Security Officer

The University of California Office of the President has issued major revisions to the IS-12 IT Recovery following a system-wide review.

We would like to highlight a few of those changes in this message. The full policy is available online IS-12: IT Recovery (ucop.edu).

Why is this important?

Unit Heads are responsible for Unit IT Recovery Planning, appointing Unit IT Recovery Leads, and ensuring the creation of Unit IT Recovery Teams. Unit IT Recovery Leads (UITRL) ensure that IT Recovery planning and testing take place. They communicate requirements to key parties and coordinate the execution of the Plan in the event of an Emergency.

  • The UCSC Information Security team will reach out to current Unit Information Security Leads across units to coordinate
  • The policy was updated to align with UC’s overall business continuity and disaster preparedness planning
  • Adapts to changes in security landscape from ransomware and other serious threats
  • Complies with academic research and grant requirements, conforms to cyber insurance underwriting and to the Office of Civil Rights guidance on HIPAA compliance
  • Adopts a standards-based approach to IT Recovery and aligns with UC’s overall business continuity and disaster preparedness planning.

An Office of the President website also provides guidance on frequently asked questions https://security.ucop.edu/policies/is-12-frequently-asked-questions.html

For questions about the implementation of this policy on the UC Santa Cruz campus, email ITpolicy@ucsc.edu.