Statutes, codes, and regulations
New Jersey Administrative Code
Title 15 - STATEChapter 3 - RECORDS RETENTION
Subchapter 4 - IMAGE PROCESSING OF PUBLIC RECORDS
Section 15:3-4.11 - Disaster recovery/contingency planning

N.J. Admin. Code § 15:3-4.11

Download
PDF
Current through Register Vol. 56, No. 24, December 18, 2024
Section 15:3-4.11 - Disaster recovery/contingency planning
(a)Disaster Recovery. Effective disaster recovery and contingency plans require that proper on-site and off-site storage facilities be maintained. The scope of the plans, and the specific coverages adopted, should be aligned with risks relative to the loss of records stored on the systems. This includes consideration of likely threats to the systems and the impacts of lost records in areas such as revenue in-take, the rights/obligations of the government and its citizenry, security/confidentiality, the historical value and context of the records, and continuity of essential services for public health and safety. Agencies must assess whether the records can be reconstructed via other sources and determine the costs associated with guarding against records loss through a disaster recovery program. Agencies shall balance the costs of disaster recovery programs with the likelihood and impacts of records losses. Risk assessments may help agencies determine the period of time within which systems, applications, or functions must be recovered after an outage, and the economic feasibility of various recovery options. At a minimum, disaster recovery/contingency planning must include the following elements:
1. An off-site storage facility shall contain adequate storage space for:
i. Source and object production programs;
ii. Master files and transaction files to recreate the current master files;
iii. System and program documentation;
iv. Operating systems and utility programs; and
v. Other vital records.
2. The remote backup storage facility shall:
i. Be located at a safe distance from a data center or agency offices, as based on a risk assessment, ordinarily five or more miles distant;
ii. Enforce adequate access control; and
iii. Provide for the storage and maintenance of backup tapes and other magnetic media in accordance with standards established in N.J.A.C. 15:3-6.5.
3. An emergency plan shall include:
i. The physical security of the computer installation;
ii. The actions to be taken in specific emergency situations; and
iii. The contingency procedures required to recover from a disaster or computer system failure.
4. A suitable backup procedure shall:
i. Provide backup processing for required processing in volume;
ii. Provide sufficient processing time as long as is required; and
iii. Provide the documentation required for management to adequately respond to a disaster.
(b) Data center disaster and recovery contingency plans shall include:
1. Data files and program files backups in place;
2. A computer system backup in place or plan for replacing the system;
3. A remote storage location for emergency procedures manuals;
4. An alternative input and output distribution system ready to operate or plan for replacing the system;
5. An assignment of duties for reconstruction and off-site processing in the possession of all trusted personnel; and
6. A contingency procedure in place to recover from a disaster or computer system failure.

N.J. Admin. Code § 15:3-4.11

Amended by47 N.J.R. 1345(b), Effective 6/15/2015