Policy #1112 Policy currently under revision
Contingency Management Planning
Date: March 1, 1999
Responsible Office: Assistant Vice President,
Resource Planning & Information Technology
This policy establishes the requirement for departments to maintain written contingency management plans and alternate procedures for dealing with disasters and extraordinary circumstances that (1) threaten the health and safety of the public and/or state workers, (2) could have a significant negative impact on the fiscal or legal integrity of university operations, or (3) interfere with the delivery of essential university programs.
1. Contingency: A condition resulting from a natural or man-made occurrence that is of sufficient magnitude or duration to cause significant disruption in the accomplishment of agency program objectives.
2. Contingency Management Planning: The advance planning and preparations necessary to minimize loss of resources and provide reasonable assurance that critical university services and operations will be maintained in the event of a contingency.
3. Contingency Management Plan: A written plan to be enacted in the event of a disaster or other contingency. Such a plan includes an identification of critical functions, procedures for restoring these functions, assignment of responsibilities for activating and implementing the plan, and requirements for training, testing and maintenance activities related to the plan.
4. Threat Assessment: An analysis of the potential jeopardies which a department might encounter. Included are the loss of a building, loss of an essential item of equipment, and loss of key personnel.
Vice Presidents/Provosts are responsible for threat assessment and for identifying those critical departments, functions, and/or applications within their respective divisions for which contingency management plans and procedures are to be maintained.
Department Heads/Directors are responsible for developing, maintaining, and testing contingency management plans as designated by the appropriate Vice President/Provost.
Departmental contingency management plans and procedures should identify threats, specify individual responsibilities, and describe the actions to be taken in the event of a disaster or other contingency. Plans must be in writing and should be reviewed at least once a year. Testing of procedures should be conducted as appropriate.
5. SPECIFIC REQUIREMENTS FOR INFORMATION-BASED APPLICATIONS
The Virginia Council on Information Management (CIM) has established specific requirements for identifying critical applications and developing contingency management plans (including disaster backup and recovery procedures) for automated and manual information-based systems. Such systems generate, manipulate or depend on data. The contingency management requirements and responsibilities for these systems are addressed in Policy 1206 (Contingency Management for Information-based Applications).
Approved March 1, 1999 by Linwood H. Rose, President