The updated policy on Planning for IT Disaster Recovery and Business Resumption has been adopted. This emergency update to the policy accomplished the following:
Removed reference to annual certification process to match current practice.
Changed reference to annual update of plans from ‘annually’ to ‘at least annually’
Added reference that plans are initially developed and then regularly updated and tested.
Streamlined language in several areas and made other editorial and formatting changes.
Removed statement that State Auditor can audit plans and tests.
A full sunset review of the policy will occur later this year.