SYS 1037, Section 3 (Policy Scope): A recommendation was made to exclude, from the scope of this policy, Software as a Service solutions under the control of third parties.
Response: This recommendation was accepted; we revised the scope to reflect the policy being limited to systems and operations under the direct control of UW institutions.
SYS 1037, Section 6.A.I: Feedback was received that it may not be feasible to require all institutional Emergency Operation Plans, Incident Response Plans, or departmental Continuity of Operations Plans to be integrated or directly linked with the Disaster Recovery Plan. This was originally proposed to ensure a coordinated approach to recovery.
Response: This recommendation was accepted; the requirement was changed from a ‘must’ to a ‘should’, where feasible.
SYS 1037.A, Section 4.A.II.1-2: A recommendation was made to clarify requirements around identifying DR member roles and responsibilities.
Response: This recommendation was accepted; DR roles are to be identified, and a resource or reference maintained with up to date contact information of members filling these roles.
SYS 1037.A, Section 4.A.II.3 A recommendation was made to expand the examples of IT DR member responsibilities.
Response: This change was partially accepted; ‘including but not limited to’ was added to the example list.
SYS 1037.A, Section 4.A.I.2 and 4.A.III.1: A recommendation was made to clarify the distinction between two sections.
Response: This change was accepted; revisions were made to highlight the requirements for documenting broad coverage and scope of an IR plan and the specific identification of business critical items.
SYS 1037.A, Section 4.A.III.2: A recommendation was made to provide institutional flexibility to develop a recovery strategy that accounts for dependencies rather than a specific restoration order of priority.
Response: This change was accepted and made as part of resolving the previous recommendation.
