Skip to Main Content

Recommendations for Business Continuity Planning and Disaster Recovery Planning


The Office of Information Security strongly recommends that all units have a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) for critical information systems that have a high need for availability without interruption.

Recommended Framework

The National Institute of Standards and Technology Special Publication 800-34: Contingency Planning Guide for Federal Information Systems is a useful guide that can assist UGA units in creating BCPs and DRPs for their critical systems.

NIST SP 800-34 defines various types of IT contingency plans--including BCPs and DRPs--and outlines a six step planning process for creating contingency plans:

  1. Develop the Contingency Planning Policy Statement
  2. Conduct the Business Impact Analysis (BIA)
  3. Identify Preventative Controls
  4. Create Contingency Strategies
  5. Plan Testing, Training and Exercises
  6. Plan Maintenance


Please contact the Office of Information Security via the EITS Helpdesk if you need any assistance creating BCPs or DRPs for your unit, or if you have any questions about using the recommended NIST SP 800-34 framework for contingency planning.