© 2009 President and Fellows of Harvard College.
If the loss of a set of confidential data, or the extended loss of access to it, presents a substantial business risk, then the security and availability of this confidential information must be assured. Each business area using such confidential information must develop and document a business continuity plan containing data backup, disaster recovery timeline, methodology, documentation, procedures, and action steps.
Harvard's operations could be significantly disrupted if a key system were to be disabled due to an accident (a fire for example) or a hacking attack. A business continuity plan can help minimize the impact and duration of any such outage.