(a) Preparation.
- (1) The elected official and/or system administrator shall develop a document that shall be used to prepare and, if necessary, respond to potential disasters that adversely affect the function or integrity of the county computer information system.
- (2) The plan shall identify critical elements and resources and provide for securing significant assets and taking steps to restore functional operation of the county computer information system within one (1) week of the disaster.
(3) The county shall maintain sufficient insurance to assure the replacement or restoration of computer equipment, data, and service in the event of:
- (A) Fire;
- (B) Theft;
- (C) Vandalism;
- (D) Terrorism; or
- (E) An act of God.
- (4) The plan should outline the steps to restoring system function beginning with analyzing the situation and selecting team members, either employees or contractors, to carry out each step.
- (5) The plan should be flexible in order to accommodate the unknown aspect of the potential disaster and lack of availability of one (1) or more staff members or other critical resources.
(6) The plan should be reviewed and updated periodically, not less than biannually, to reflect changes in:
- (A) Organization;
- (B) Staffing;
- (C) Methods;
- (D) Technology; and
- (E) Priorities.
(b) Personnel.
- (1) A list of users shall be maintained including a job description, security level, and contact information for each.
- (2) Personnel should be cross trained in all routine system functions to allow continued or restored system operation in the absence of one (1) or more users from their regular job functions.
(c) Facilities.
- (1) A list of facility requirements for temporary operation of the computer information system shall be developed and kept by the county.
- (2) Potential alternate facilities should be identified and listed for possible temporary use in the days following a disaster that renders the regular facility unusable.
(d) Equipment.
- (1) A list of equipment, critical for operation of the computerized information system, shall be kept by the county along with detailed specifications.
- (2) An inventory of all information system equipment shall be kept on an office-by-office or countywide basis.
- (3) Contact information for critical equipment suppliers shall be kept and updated not less than annually.
(e) Data.
(1)
- (A) A list of datasets that are critical to regular county operations shall be kept by the county.
- (B) These shall include both current and archived records of all data types.
- (2) Contact information for critical information system suppliers shall be kept and updated not less than annually.
(f) Applications.
- (1) A list of operating system and application software that are critical to regular county operations shall be kept by the county.
- (2) Contact information for critical application program suppliers shall be kept and updated not less than annually.