Business Continuity Management

Purpose

The purpose of this policy is to define the procedures necessary to mitigate the effects of disasters and incidents that may disrupt IT services and work activities, to protect critical operations and activities from disasters, and to ensure the fastest possible recovery of systems.

Scope of the Policy

This policy applies to all members of UTAS-Sur, whether on a temporary or permanent basis, as well as any third parties working with or contracted by the university. It covers all environments where the university’s information systems are operated.

Executive Responsibility

Information Systems and Educational Technologies Center.

Policy Custodian

Assistant Vice Chancellor for UTAS – Sur.

Enforcement

Any violation of this policy by any member or third party (suppliers, contractors, business partners, etc.) will be subject to disciplinary and legal action in accordance with the laws of the Sultanate of Oman, including regulations related to cybersecurity, the university’s policies, labor laws, and electronic transactions.

Policies and Controls

 Business Continuity and Risk Assessment:

  • UTAS-Sur must implement an appropriate framework to ensure business continuity management, address risks that may affect the University, recover information lost due to fire, earthquakes, natural disasters, or system failures (devices), and ensure that data is stored securely for the required period.
  • Business continuity planning should be based on the specific risks that may cause operational disruptions, the scope of damage recovery, and the recovery period.
  • The Information Security Department should evaluate IT risk and carry out incident-based risk assessments, followed by impact analysis.
  • Risk assessment must determine the priorities of risk levels and their impact on the University’s goals. It should also define permissible outage durations and restoration priorities.
  • The University should include the main and sensitive IT resources, analyzing the impact of service disruption and the recovery priorities and procedures.

 

Developing and Implementing Business Continuity Plans for Information Security: 

  • Emergency response procedures must be established to support business continuity, including network support services and information processing services, ensuring they continue to function effectively during disasters. 
  • UTAS-Sur must ensure that business continuity management includes information security aspects and determines sufficient measures for securing information systems.
  • The university’s management must ensure that financial, organizational, technical, and environmental resources meet business continuity requirements.
  • Department heads must be responsible for establishing business continuity plans within their departments.
  • Business continuity plans must be stored at an appropriate location at the main site, and alternative resources for activity continuity must be secured at another location.

 

Business Continuity Planning Framework: 

 

UTAS-Sur must establish a business continuity planning framework that includes the following: 

  • Conditions for activating plans (how to assess situations and who will be involved). 
  • Emergency response procedures to mitigate negative impacts on activities and personnel safety, including immediate action protocols and coordination with local authorities (such as police, fire departments, and government emergency response services). 
  • Recovery procedures for essential activities or relocating operations to alternative sites and restoring normal operations within the required timeframes. 
  • Procedures for resuming normal operations. 
  • A maintenance and monitoring schedule for the plan’s effectiveness and sustainability. 
  • Awareness and training activities to ensure business continuity and effective execution. 
  • Clear definition of responsible individuals and their designated substitutes, along with contact information. 
  • Protecting and securing sensitive information systems and resources. 
  • Backup and restoration procedures.

 

Testing, Maintaining, and Evaluating Business Continuity Plans: 

  • Business continuity plans should be regularly tested to ensure their accuracy and effectiveness. A business continuity testing schedule should outline how each component will be evaluated, ensuring alternative emergency teams are informed of procedures and resources available to support emergency response. 
  • Business continuity plans should be updated and maintained through continuous reviews and assessments to adapt to ongoing changes and challenges, including: 

– Employees. 

– Addresses and phone numbers. 

– Work strategies. 

– Facilities, buildings, and resources. 

– Regulations. 

– Contractors, suppliers, and all members. 

– Current, new, or canceled operations.

– Operational and financial risks. 

 

Effective Date of the Policy

Dean of Information Technology at UTAS-Sur.