Wording change to IS-RM standard and procedure and UDPS

Author: tft8g
Last modified: August 11, 2023 - 11:04am

Non-substantive change

In the Information Security Risk Management Standard and Procedure, under Purpose and Background, removed the phrase "which includes updating the department’s mission, business continuity, and disaster recovery plans."
 
In the University Data Protection Standard (UDPS), in the "Assessing and Managing Risk" table, changed the phrase:
"The department must complete an IT security risk assessment, including updating the department’s mission, business continuity, and disaster recovery plans annually . . ."

so that "including updating" now reads "and update". The phrase becomes: "The department must complete an IT security risk assessment and update the department’s mission, business continuity, and disaster recovery plans annually . . ."

All three of these changes were made to separate the requirement into two distinct requirements: completion of the IS-RM, and update of the department’s mission, business continuity, and disaster recovery plans. This clarifies that collection of a department's mission, business continuity, and disaster recovery plans is not part of the Information Security Risk Management tool or process.

The Office of Emergency Management is responsible for the departmental mission, business continuity, and disaster recovery plans. They plan to put this requirement in their policy sometime in 2021.