"VCCS Checklist and Statement of Compliance"
Technology Standard Contingency Planning and Business Recovery Program Annual Statement of Compliance Version: 1.0 Status: Approved: 12/18/08 Contact: Director, Technology Services The checklist must be signed by the preparer (Planning Coordinator) and the agency head (College President) and forwarded to: Director, Technology Services Virginia Community College System 14th Floor 101 North 14th Street Richmond, VA 23219 A copy must be retained by the College Information Security Officer (ISO) along with applicable supporting documentation. VCCS Planning and Business Recovery Program (ITRM Standard SEC501-01) Completion Checklist and Statement of Compliance Component Completion Status Comments [If not completed, indicate when the process will be completed and a justification for not completing the process in entirety] Completed In Progress Risk Management Business Impact Analysis IT Security Roles and Responsibilities IT System and Data Sensitivity Classification IT System Inventory and Definition IT Security Audits Risk Assessment Contingency Planning Completed In Progress IT Disaster Recovery Planning IT System and Data Backup and Restoration Continuity of Operations Planning IT Systems Security Completed In Progress IT System Hardening IT Systems Interoperability Security Malicious Code Protection IT Systems Development Life Cycle Security IT Systems Security Plans Application Security Logical Access Control Completed In Progress Account Management Password Management Remote Access Data Protection Completed In Progress Data Storage Media Protection Encryption Facilities Security Completed In Progress Personnel Security Completed In Progress Access Determination and Control IT Security Awareness and Training Acceptable Use Email Communications Threat Management Completed In Progress Threat Detection Incident Handling IT Security Monitoring and Logging Data Breach Notifications IT Asset Management Completed In Progress IT Asset Control Software License Management Configuration Management and Change Control I certify the results of the Contingency Planning and Business Recovery Program and all applicable VCCS Standards. The final report includes the Business Continuity Plan and the components identified above as outlined in the ITRM Standard SEC501-01. All supporting documentation is on file in the Information Security Office. ___________________________________________________________ College Name ___________________________________________________________ Preparer’s Signature Date Signed ___________________________________________________________ President’s Signature Date Signed