Business Continuity Plan for University

Upload: becky-hassett

Post on 06-Apr-2018

  • 8/3/2019 Business Continuity Planfor University

    1/53

    Plan Annex

    BUSINESS CONTINUITY

    2011

    Published Spring 2011

    Table of Contents

    Record of Changes
    A. Authority
    B. Plan Review
    C. Concept of Operations
    D. Senior Leadership Responsibilities
    E. Business Continuity Planning Process
    F. Business Impact Analysis
    G. Risk Assessment
    H. Risk Management / Business Continuity Plan Development
    I. Other Policies, Standards, and Processes
    J. Risk Monitoring
    K. Summary
    Appendices
      A. Glossary
      B. Internal and External Threats
      C. Interdependencies Telecommunications Infrastructure
      D. Third-party Providers, Key Suppliers, and Business Partners
      E. Technology Components
      F. BCP and Personnel Components
      G. Facilities
      H. Communication
      I. Other Considerations

    Business Continuity Plan Annex

    RECORD OF CHANGES

    Change # | Date of Change | Change Entered By | Date Entered

    A. AUTHORITY

    1. Federal

    - Homeland Security Presidential Directive/HSPD-5, Management of Domestic Incidents
    - NFPA Standard 1600: Standard on Disaster/Emergency Management and Business Continuity Programs
    - NFPA 1561 Standard on Emergency Services Incident Management System 2005 Edition
    - NFPA 72 Annex E Mass Notification Systems

    2. State of Texas

    - Texas Administrative Code Title 1 Part 10 Chapter 202 Subchapter C Rule 202.74
    - Texas Executive Order RP57
    - Texas Department of Information Resources: Business Continuity Planning Guidelines. December 2004
    - National Response Framework
    - National Incident Management System
    - Joint Commission for Accreditation of Health Organizations: Standard EC1.4

    3. The University of Texas System

    - Memo to Chancellor Yudof dated July 20, 2007: Subject: Survey on Emergency and Incident Response Exercises

    B. PLAN REVIEW

    The Business Continuity Plan Annex is a component of the Emergency Management Plan. The Business Continuity Plan Annex will be reviewed annually and will be updated and revised as appropriate.

    Interim revisions will be made when one of the following occurs:

    - A change in university site or facility configuration that materially alters the information contained in the plan or materially affects implementation of the plan
    - A material change in response resources
    - An incident occurs that requires a review
    - Internal assessments, third party reviews, or experience in drills or actual responses identify significant changes that should be made in the plan
    - New laws, regulations, or internal policies are implemented that affect the contents or the implementation of the plan
    - Other changes deemed significant

    Plan changes, updates, and revisions are the responsibility of the associate vice president for Campus Safety and Security who will ensure that any plan changes are distributed accordingly.

    C. CONCEPT OF OPERATIONS

    The Business Continuity Plan Annex provides guidance to university colleges, schools, departments, and agencies to ensure financial integrity and continuity of service to the community in the event of a natural or man-made disaster. The business continuity plan (BCP) is an annex of the Emergency Management Plan. All emergency planning and response provisions of that document and other annexes are in effect. This BCP and unit plans all address the four phases of emergency planning (mitigation, preparedness, response, and recovery) but the BCP has special emphasis on the recovery phase.

    Operating disruptions can occur with or without warning, and the results may be predictable or unknown. It is important that the three missions (teaching, research, and service) of the university are sustained during any emergency. First priority is always the safety of the staff, faculty, students, and visitors. The university Emergency Management Plan addresses actions to protect life and property. This annex focuses on business operations and the sustenance of critical functions for the university. Business operations for the university must be resilient and the effects of disruptions in service must be minimized in order to maintain campus trust and confidence. Effective business continuity planning establishes the basis for the university to maintain and recover business processes when operations have been disrupted unexpectedly.

    Business continuity planning is the process whereby the university and the subordinate components attempt to ensure the maintenance or recovery of operations, including services, when confronted with adverse events such as natural disasters, technological failures, human error, or terrorism.

    The objectives of this BCP are to minimize financial loss to the university or components; continue to appropriately serve students, staff, faculty, and visitors; and mitigate the effects disruptions can have on the university's strategic plans, reputation, operations, and ability to remain in compliance with applicable laws and regulations. Changing business processes (internally to the university and externally to the broader community) and new threat scenarios require the university to maintain updated and viable BCPs at all times.

    New business practices, changes in technology, and increased terrorism concerns have focused even greater attention on the need for effective business continuity planning and have altered the benchmarks of an effective plan. This BCP will take into account the potential for wide-area disasters that affect an entire region and for the resulting loss or inaccessibility of staff. This BCP also considers and addresses the interdependencies of all university units as well as infrastructure. In most cases, recovery time objectives are now much shorter than they were even a few years ago, and for some units recovery time objectives are based on hours and even minutes.

    Departments and agencies of the university should incorporate business continuity considerations into business process development to mitigate proactively the risk of service disruptions. In creating an effective BCP, university components should not assume a reduced demand for services during the disruption. In fact, demand for some services may increase.

    This plan recognized that while technology was the primary basis for concern, an enterprise-wide, process-oriented approach that considers technology, business processes, testing, and communication strategies is critical to building a viable BCP.

    Each college, school, department and unit of The University of Texas at Austin is required to participate in the development of a BCP to address disruptions. The unit level at which this plan will be developed will be determined by the provost, responsible dean, or vice president. This plan will include:

    - Business Impact Analysis
    - Risk Analysis
    - Risk Assessment
    - Plan Components
    - Strategy
    - Prevention Measure
    - Mitigation Measures
    - Emergency Response
    - Unit Continuity and Succession of Leadership
    - Emergency Communications
    - Resource Management and Logistics
    - Mutual Aid (Internal and External)
    - Training and Awareness
    - Exercise and Testing

    The university will ensure coordination with the following external agencies:

    - The City of Austin Office of Emergency Management
    - Governor's Office Division of Emergency Management
    - Department of State Health Services
    - Other agencies as determined
    - Coordination with Strategic Leadership Council (Information Resources) on technology migration plans in order to enhance continuity operations through the acquisition of new technology

    D. SENIOR LEADERSHIP RESPONSIBILITIES

    Action Summary

    The university senior leadership to include deans, vice presidents, associate vice presidents, directors, and equivalents are responsible for:

    - Allocating sufficient resources and knowledgeable personnel to develop the BCP
    - Developing a continuity and succession of leadership
    - Setting policy by determining how the institution will manage and control identified risk
    - Approving the BCP on an annual basis
    - Conducting and documenting a business continuity risk assessment annually in accordance with TAC 202.72 that identifies mission critical business processes
    - Ensuring the BCP is kept up-to-date and employees are trained and aware of their role in its implementation

    Senior leadership, as noted above, are responsible for identifying, assessing, prioritizing, managing, and controlling risks. They must ensure necessary resources are devoted to creating, maintaining, and testing the plan.

    These leaders fulfill their business continuity planning responsibilities by setting policy, prioritizing critical business functions, allocating sufficient resources and personnel, providing oversight, approving the BCP, providing training, and ensuring maintenance of a current plan.

    The effectiveness of business continuity planning depends on the university's leadership commitment and ability to clearly identify what makes existing business processes work. Each college, school, department, or unit must evaluate its own unique circumstances and environment to develop a comprehensive BCP.

    At the university, all business continuity planning will be coordinated by the associate vice president of Campus Safety and Security through the Office of Emergency Preparedness. While the planning personnel may recommend certain prioritization, the senior leadership of the university is responsible for understanding critical business processes and subsequently establishing plans to meet business process requirements in a safe and sound manner.

    E. BUSINESS CONTINUITY PLANNING PROCESS

    Action Summary

    The university BCP planning process reflects the following objectives:

    - Business continuity planning is about maintaining, resuming, and recovering the business, not just the recovery of the technology.
    - The planning process should be conducted on an enterprise-wide basis.
    - A thorough business impact analysis and risk assessment are the foundation of an effective BCP.
    - The effectiveness of a BCP can only be validated through testing or practical application.
    - The BCP will be updated at least annually to reflect and respond to changes in the financial institution or its service provider(s).

    The university will conduct business continuity planning on an enterprise-wide basis. Colleges, schools, departments, and units must consider the critical aspects of their business operations in creating a plan for how they will respond to disruptions. This plan is not limited to the restoration of information technology systems, services, or data maintained in electronic form, as such actions, by themselves, cannot always put a unit back in operation. Without a BCP that considers every critical business function, including personnel, physical workspace, and similar issues, the university may not be able to resume or maintain its teaching, research, and community service missions at an acceptable level. The university recognizes the systemic impact that service disruptions may have on the integrity of the university.

    University colleges, schools, departments, and units must update their BCPs as business processes change. For example, the university is increasingly relying on distributed network solutions to support business processes. This increased reliance can include desktop computers maintaining key applications. While distributed networking provides flexibility in allowing the university to deliver operations to where employees and customers are located, it also means that end-users should keep BCP personnel up-to-date on what constitutes current business processes and significant changes. Technological advancements are allowing faster and more efficient processing, thereby reducing acceptable business process recovery periods.

    In response to competitive and customer demands, many units are moving toward shorter recovery periods and designing technology recovery solutions into business processes. These technological advancements increase the importance of university-wide business continuity planning. All university BCPs focus on a process-oriented approach to business continuity planning that involves:

    - Business Impact Analysis (BIA)
    - Risk Assessment
    - Risk Management
    - Risk Monitoring

    Business continuity planning should center on all critical business functions that must be recovered to maintain operations. The BCP must be viewed as one critical aspect of the university-wide process. The review of each critical business function should include the technology that supports it.

    F. BUSINESS IMPACT ANALYSIS

    Action Summary

    A business impact analysis (BIA) is the first step in developing a BCP. It should include:

    - Identification of the potential impact of uncontrolled, non-specific events on the institution's business processes and its customers
    - Consideration of all departments and business functions, not just data processing
    - Estimation of maximum allowable downtime and acceptable levels of data, operations, and financial losses

    The first step for units of the university to develop a BCP is to perform a BIA. The amount of time and resources necessary to complete the BIA will depend on the size and complexity of the unit. At the university, all business functions and units must be included in the planning process, not just data processing.

    The BIA phase identifies the potential impact of uncontrolled, non-specific events on the university's business processes. The BIA phase also should determine what and how much is at risk by identifying critical business functions and prioritizing them. The BIA should estimate the maximum allowable downtime for critical business processes, recovery point objectives and backlogged transactions, and the costs associated with downtime.

    Many units within the university have used the Enterprise Risk Management System to analyze risk. This planning tool is useful in developing the necessary risk information. This risk assessment step is critical and has significant bearing on whether business continuity planning efforts will be successful. If the threat scenarios developed are unreasonably limited, the resulting BCP may be inadequate. During the risk assessment step, business processes and the business impact analysis assumptions are stress tested with various threat scenarios. This will result in a range of outcomes, some that require no action for business processes to be successful and others that will require significant BCPs to be developed and supported with resources (financial and personnel).

    The Office of Campus Safety and Security will work with university units to develop realistic threat scenarios that may potentially disrupt their business processes and ability to meet the expectations of students, staff, faculty, and visitors. Threats can take many forms, including malicious activity as well as natural and technical disasters. Where possible, units should analyze a threat by focusing on its impact on the entity, not the nature of the threat. For example, the effects of certain threat scenarios can be reduced to business disruptions that affect only specific work areas, systems, facilities (i.e., buildings), or geographic areas. Additionally, the magnitude of the business disruption depends upon a wide variety of threat scenarios based on practical experiences and potential circumstances and events. If threat scenarios are not comprehensive, the BCPs may be too basic and omit reasonable steps that could improve business processes' resiliency to disruptions. Threat scenarios should consider the impact of a disruption and probability of the threat occurring.

    Threats that could impact a unit can range from those with a high probability of occurrence and low impact to the unit or university (e.g., brief power interruptions), to those with a low probability of occurrence and high impact on the institution (e.g., hurricane, terrorism). High probability threats are often supported by very specific BCPs. However, the most difficult threats to address are those that have a high impact on the university but a low probability of occurrence. Using a risk assessment, BCPs may be more flexible and adaptable to specific types of disruptions that may not be initially considered.

    It is at this point in the business continuity planning process that university units must perform a gap analysis. In this context, a gap analysis is a methodical comparison of what types of plans the unit needs to maintain, resume, or recover normal business operations in the event of a disruption versus what the existing BCP provides. The difference between the two highlights additional risk exposure that management and the board need to address in BCP development. The risk assessment considers:

    - The impact of various business disruption scenarios on both the institution and the students, staff, faculty, and visitors
    - The probability of occurrence based, for example, on a rating system of high, medium, and low
    - The loss impact on information services, technology, personnel, facilities, and service providers from both internal and external sources
    - The safety of critical processing documents and vital records
    - A broad range of possible business disruptions, including natural, technical, and human threats

    When assessing the probability of a specific event occurring, units should consider the geographic location of facilities and their susceptibility to natural threats (e.g., location in a floodplain) and the proximity to critical infrastructures (e.g., power sources, nuclear power plants, airports, points of interest, major highways, railroads). The risk assessment should include all locations and facilities. Worst-case scenarios, such as destruction of the facilities and loss of life, should be considered. At the conclusion of this phase, the unit will have prioritized business processes and estimated how they may be disrupted under various threat scenarios.

    H. RISK MANAGEMENT / BUSINESS CONTINUITY PLAN DEVELOPMENT

    Action Summary

    Risk management is the development of a written, enterprise-wide BCP. The institution should ensure that the BCP is:

    - Written and disseminated so that various groups of personnel can implement it in a timely manner
    - Specific regarding what conditions should prompt implementation of the plan
    - Specific regarding what immediate steps should be taken during a disruption
    - Flexible to respond to unanticipated threat scenarios and changing internal conditions
    - Focused on how to get the business up and running in the event that a specific facility or function is disrupted, rather than on the precise nature of the disruption
    - Effective in minimizing service disruptions and financial loss

    After conducting the BIA and risk assessment, management should prepare a written BCP. The plan should document strategies and procedures to maintain, resume, and recover critical business functions and processes and should include procedures to execute the plan's priorities for critical versus non-critical functions, services, and processes. The BCP should describe in some detail the types of events that would lead up to the formal declaration of a disruption and the process for invoking the BCP. It should describe the responsibilities and procedures to be followed by each continuity team and contain contact lists of critical personnel. The BCP should describe in detail the procedures to be followed to recover each business function affected by the disruption and should be written in such a way that various groups of personnel can implement it in a timely manner.

    As previously discussed, a BCP is more than recovery of the technology, but rather a recovery of all critical business operations. The plan should be flexible to respond to changing internal and external conditions and new threat scenarios. Rather than being developed around specific events (e.g. fire vs. tornado), the plan will be more effective if it is written to adequately address specific types of scenarios and the desired outcomes. A BCP should describe the immediate steps to be taken during an event in order to minimize the damage from a disruption as well as the action necessary to recover. Thus, business continuity planning should be focused on maintaining and resuming. Recovering units would respond if:

    - Critical personnel are not available
    - Critical buildings, facilities, or geographic regions are not accessible
    - Equipment malfunctions (hardware, telecommunications, operational equipment)
    - Software and data are not accessible or are corrupted
    - Vendor assistance or service provider is not available
    - Utilities are not available (power, telecommunications)
    - Critical documentation and/or records are not available

    Units should carefully consider the assumptions on which the BCP is based. Planners should not assume a disaster will be limited to a single facility or a small geographic area. Units should not assume they will be able to gain access to facilities that have not been damaged or that critical personnel (including senior leadership) will be available immediately after the disruption. Assuming public transportation systems such as airlines, railroads, and subways will be operating may also be incorrect.

    The university should not assume the telecommunications system will be operating at normal capacity. The BCP consists of many components that are both internal and external to the university. The activation of a BCP and restoration of business in the event of an emergency is dependent on the successful interaction of various components. The overall strength and effectiveness of a BCP can be decreased by its weakest component. An effective BCP coordinates across its many components, identifies potential process or system dependencies, and mitigates the risks from interdependencies.

    Typically, the unit and university business continuity coordinators or teams facilitate the identification of risk and the development of risk mitigation strategies across business areas. Internal causes of interdependencies can include line of business dependencies, telecommunication links, and/or shared resources (i.e., print operations or e-mail systems). External sources of interdependencies that can negatively impact a BCP can include telecommunication providers, service providers, customers, business partners, and suppliers.

    I. OTHER POLICIES, STANDARDS, AND PROCESSES

    Action Summary

    Other university policies, in addition to the BCP, should incorporate business continuity planning considerations. These include:

    - System development life cycles
    - Change control policies
    - Data synchronization procedures
    - Employee training and communication plans
    - Insurance policies
    - Government, media, and community relations policies
    - Security

    In addition to documenting BCPs, other policies, standards, and practices should address continuity and availability considerations. These include system development life cycles (SDLC), change control, and data synchronization.

    1. Systems Development Life Cycle (SDLC) and Project Management

    As part of the SDLC process, units should incorporate business continuity considerations into project plans. Evaluating business continuity needs during the SDLC process allows for advance preparation when an institution is acquiring or developing a new system. It also facilitates the development of a more robust system that will permit easier continuation of business in the event of a disruption. During the development and acquisition of new systems, SDLC standards and project plans should address, at a minimum, issues such as:

    - Unit requirements for resumption and recovery alternatives
    - Information on backup and storage
    - Hardware and software requirements at recovery locations
    - BCP and documentation maintenance
    - Disaster recovery testing
    - Staffing and facilities

    2. Change Control

    Change management and control policies / procedures should appropriately address and document the business continuity considerations. Change management in computer systems should be included in the change control process and implementation phase. Whenever a system change is made to an application, operating system, or utility that resides in the production environment, a methodology should exist to ensure all backup copies of those systems are updated to reflect the new environment. In addition, if a new or changed system is implemented and results in new hardware, capacity requirements, or other technology changes, management should ensure the BCP is updated and the recovery site can support the new production environment.

    3. Data Synchronization

    Data synchronization can become a challenge when dealing with an active/back-up environment. The larger and more complex an institution is (i.e., shorter acceptable operational outage period, greater volume of data, greater distance between primary and backup location), the more difficult synchronization can become. If backup copies are produced as of the close of a business day and a disruption occurs relatively late the next business day, all the transactions that took place after the backup copies were made would have to be recreated, perhaps manually, in order to synchronize the recovery site with the primary site.

    Management and testing of contingency arrangements are critical to ensure the recovery environment is synchronized with the primary work environment. This testing includes ensuring software versions are current, interfaces exist and are tested, and communication equipment is compatible. If the two locations, underlying systems, and interdependent business units are not synchronized, there is the likely possibility that recovery at the backup location could encounter significant problems. Proper change control, information backup, and adequate testing can help avoid this situation. In addition, management should ensure the backup facility has adequate capacity to process transactions in a timely manner in the event of a disruption at the primary location.

    4. Employee Training and Communication Planning

    The university will develop enterprise-wide training and exercises. However, all units should provide business continuity training for personnel to ensure all parties are aware of their responsibilities should a disaster occur. Key employees should be involved in the business continuity development process as well as periodic training exercises. The university will incorporate enterprise-wide training as well as specific training for individual business units. Employees should be aware of which conditions call for implementing all or parts of the BCP, who is responsible for implementing BCPs for business units and the institution, and what to do if these key employees are not available at the time of a disaster. Cross-training should be utilized to anticipate restoring operations in the absence of key employees. Employee training should be regularly scheduled and updated to address changes to the BCP.

    Communication planning should identify alternate communication channels to utilize during a disaster, such as pagers, cell phones, e-mail, or two-way radios. An emergency telephone number, e-mail address, and physical address list should be provided to employees to assist in communication efforts during a disaster. The list should provide all alternate numbers since one or more telecommunications systems could be unavailable. Additionally, the phone list should provide numbers for vendors, emergency services, transportation, and regulatory agencies. Wallet cards, Internet postings, and calling trees are possible ways to distribute information to employees. Further, units should establish reporting or calling locations to assist them in accounting for all personnel following a disaster.

    Units should consider developing an awareness program to inform the university community, service providers, and outside agencies how to contact the institution if normal communication channels are not in operation. The plan should also designate personnel who will communicate with the media, government, vendors, and other companies and provide for the type of information to be communicated.

    5. Insurance (generally, states and state institutions are self-insurers)

    Insurance is commonly used to recoup losses from risks that cannot be completely prevented. Generally, insurance coverage is obtained for risks that cannot be entirely controlled yet could represent a significant potential for financial loss or other disastrous consequences. The decision to obtain insurance should be based on the probability and degree of loss identified during the BIA. Units of the university must determine potential exposure for various types of disasters and review the insurance options available through the university to ensure appropriate insurance coverage is provided.

    University leaders must know the limits and coverage of the university and examine the university insurance policies to make sure coverage is appropriate given the risk profile of the unit. All units must perform an annual insurance review to ensure the level and types of coverage are commercially reasonable and consistent with any legal, management, and board requirements. Also, units must create and retain a comprehensive hardware and software inventory list in a secure off-site location in order to facilitate the claims process.

    Units should be aware of the limitations of insurance. Insurance can reimburse for some or all of the financial losses incurred as the result of a disaster or other significant event. However, insurance is by no means a substitute for an effective BCP, as its primary objective is not the recovery of the business. For example, insurance cannot reimburse a unit for damage to its reputation.

    6. Government and Community

    The university will coordinate with community and government officials and the news media to ensure the successful implementation of the BCP. Ideally, these relationships will be established during the planning or testing phases of business continuity planning. The university will develop the proper protocol in case a city-wide or region-wide event impacts the institution's operations. The university will contact state and local authorities during the risk assessment process to inquire about specific risks or exposures for all their geographic locations and special requirements for accessing emergency zones. During the recovery phase, facilities access, power, and telecommunications systems would be coordinated with various entities to ensure timely resumption of operations. Facilities access should be coordinated with the police and fire department and depending on the nature and extent of the disaster, possibly the Travis County Emergency Operations Center, the State of Texas Emergency Operations Center, and the Federal Emergency Management Agency (FEMA).

    J. RISK MONITORING

    Action Summary

    Risk monitoring is the final step in business continuity planning. It should ensure that the unit's BCP is viable through:

    • Testing the BCP at least annually

    • Subjecting the BCP to independent audit and review

    • Updating the BCP based upon changes to personnel and the internal and external environments

    Risk monitoring ensures a BCP is viable through testing, independent review, and periodic updating.


    K. SUMMARY

    In summation, the following six factors are the critical aspects of effective business continuity planning:

    • Business continuity planning should be conducted on an enterprise-wide basis.

    • A thorough business impact analysis and risk assessment are the foundation of an effective BCP.

    • Business continuity planning is more than the recovery of the technology; it is the recovery of the business.

    • The effectiveness of a BCP can only be validated through thorough testing.

    • The BCP and test results should be subjected to independent audit.

    • A BCP should be periodically updated to reflect and respond to changes in the institution.


    APPENDICES


    APPENDIX A: Glossary

    Back-up Generations: A methodology for creating and storing backup files whereby the youngest (or most recent file) is referred to as the "son," the prior file is called the "father," and the file two generations older is the "grandfather." This backup methodology is frequently used to refer to master files for financial applications.

    Business Continuity: An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies, recovery plans, and continuity of services (NFPA 1600).

    Business Continuity Plan (BCP): A comprehensive written plan to maintain or resume business in the event of a disruption.

    Business Impact Analysis (BIA): The process of identifying the potential impact of uncontrolled, non-specific events on an institution's business processes.

    Business Resilience: An enterprise-wide state of readiness including people, processes, information, facilities, and third parties as well as technology to cope effectively with potentially disruptive events.

    Data Synchronization: The comparison and reconciliation of interdependent data files at the same time so that they contain the same information.

    Disaster/Emergency Management: An ongoing process to prevent, mitigate, prepare for, respond to, and recover from an incident that threatens life, property, operations, or the environment (NFPA 1600).

    Disaster Recovery Plan: A plan that describes the process to recover from major processing interruptions.

    Emergency Management Program: A program that implements the mission, vision, and strategic goals and objectives as well as the management framework of the program and organization (NFPA 1600).

    Emergency Plan: The steps to be followed during and immediately after an emergency such as a fire, tornado, bomb threat, etc.

    Encryption: The conversion of information into a code or cipher.

    FEMA: Acronym for Federal Emergency Management Agency.

    Gap Analysis: A comparison that identifies the difference between actual and desired outcomes.

    GETS: Acronym for the Government Emergency Telecommunications Service card program. GETS cards provide emergency access and priority processing for voice communications services in emergency situations.


    HVAC: Acronym for heating, ventilation, and air conditioning.

    Impact Analysis [Business Impact Analysis (BIA)]: A management level analysis that identifies the impacts of losing the entity's resources (NFPA 1600).

    Incident Command System: A standardized on-scene emergency management concept specifically designed to allow its user(s) to adopt an integrated organizational structure equal to the complexity and demands of single or multiple incidents without being hindered by jurisdictional boundaries (ICS-010-1).

    Incident Management System (IMS): The combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure designed to aid in the management of resources during incidents (NFPA 1600).

    Media: Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs).

    Mirroring: A process that duplicates data to another location over a computer network in real time or close to real time.

    Mitigation: Activities taken to reduce the severity or consequences of an emergency (NFPA 1600).

    Mutual Aid/Assistance Agreement: A prearranged agreement between two or more entities to share resources in response to an incident (NFPA 1600).

    Object Program: A program that has been translated into machine-language and is ready to be run (i.e., executed) by the computer.

    PBX: Acronym for private branch exchange.

    Preparedness: Activities, tasks, programs, and systems developed and implemented prior to an emergency that are used to support the prevention of, mitigation of, response to, and recovery from emergencies (NFPA 1600).

    Prevention: Activities to avoid an incident or to stop an emergency from occurring (NFPA 1600).

    Reciprocal Agreement: An agreement whereby two organizations with similar computer systems agree to provide computer processing time for the other in the event one of the systems is rendered inoperable. Processing time may be provided on a "best effort" or "as time available" basis.

    Recovery: Activities and programs designed to return conditions to a level that is acceptable to the entity (NFPA 1600).

    Recovery Point Objectives: The amount of data that can be lost without severely impacting the recovery of operations.


    Recovery Site: An alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as "hot" sites that are fully configured centers with compatible computer equipment and "cold" sites that are operational computer centers without the computer equipment.

    Recovery Time Objectives: The period of time that a process can be inoperable.

    Recovery Vendors: Organizations that provide recovery sites and support services for a fee.

    Resource Management: A system for identifying available resources to enable timely and unimpeded access to resources needed to prevent, mitigate, prepare for, respond to, or recover from an incident (NFPA 1600).

    Response: Immediate and ongoing activities, tasks, programs, and systems to manage the effects of an incident that threatens life, property, operations, or the environment (NFPA 1600).

    Routing: The process of moving information from its source to a destination.

    Select Agent: This term has the meaning assigned in 18 U.S.C. 175b, as that section may be amended from time to time.

    Server: A computer or other device that manages a network service. An example is a print server, a device that manages network printing.

    Situation Analysis: The process of evaluating the severity and consequences of an incident and communicating the results (NFPA 1600).

    Source Program: A program written in a programming language (such as C, Pascal, or COBOL). A compiler translates the source code into a machine language object program.

    Stakeholder: Any individual, group, or organization that might affect, be affected by, or perceive itself to be affected by the emergency (NFPA 1600).

    System Development Life Cycle (SDLC): A written strategy or plan for the development and modification of computer systems, including initial approvals, development documentation, testing plans and results, and approval and documentation of subsequent modifications.

    T-1 line: A special type of telephone line for digital communication only.

    UPS: Acronym for uninterruptible power supply. Typically a collection of batteries that provide electrical power for a limited period of time.

    Utility Programs: A program used to configure or maintain systems, or to make changes to stored or transmitted data.


    UT Institution: The University of Texas System's nine academic teaching institutions and six health centers.

    UT System Administration: The central administrative offices that lead and serve the UT Institutions by undertaking certain central responsibilities that result in greater efficiency or higher quality than could be achieved by individual institutions or that fulfill legal requirements.

    Vaulting: A process that periodically writes backup information over a computer network directly to the recovery site.


    APPENDIX B: Internal and External Threats

    While a BCP should be focused on restoring the university's ability to do business, regardless of the nature of the disruption, different types of disruptions may require a variety of responses in order to resume business. Many types of disasters impact not only the university but also the surrounding community. The human element can be unpredictable in a crisis situation and should not be overlooked when developing a BCP. Employees and their families could be affected as significantly as, or more significantly than, the university. Therefore, university leadership must consider the impact such a disruption would have on personnel the institution would rely on during such a disaster. For example, providing accommodations and services to family members of employees or ensuring that alternate work facilities are in close proximity to employee residences may make it easier for employees to implement the institution's BCP. Also, cross-training of personnel and succession planning may be just as essential as backup procedures addressing equipment, data, operating systems, and application software.

    This Appendix discusses three primary categories of internal and external threats: malicious activity, natural disasters, and technical disasters.

    Malicious Activity

    1. Fraud, Theft, Or Blackmail

    Since fraud, theft, or blackmail may be perpetrated more easily by insiders, implementation of employee awareness programs and computer security policies is essential. These threats can cause the loss, corruption, or unavailability of information, resulting in a disruption of service to customers. Restricting access to information that may be altered or misappropriated reduces exposure. The institution may be held liable for release of sensitive or confidential information pertaining to its customers; therefore, appropriate procedures to safeguard information are warranted.

    2. Sabotage

    Personnel should know how to handle intruders, bomb threats, and other disturbances. The locations of critical operation centers should not be publicized and the facilities should be inconspicuous. A disgruntled employee may try to sabotage facilities, equipment, or files. Therefore, personnel policies should require the immediate removal from the premises of any employee reasonably considered a threat, and the immediate revocation of their computer and facility access privileges.

    3. Terrorism

    The risk of terrorism is real and adequate business continuity planning is critical for a university in the event a terrorist attack occurs. Some forms of terrorism (e.g., chemical or biological contamination) may leave facilities intact but inaccessible for extended periods of time. The earlier an attack is detected the better the opportunity for successful treatment and recovery. Active monitoring of federal and state emergency warning systems, such as local, state and FEMA, and the Center for Disease Control (CDC) should be considered.

    Terrorism is not new, but the magnitude of disruption and destruction continues to increase. The loss of life, total destruction of facilities and equipment, and emotional and psychological trauma to employees can be devastating. Collateral damage can result in the loss of communications, power, and access to a geographic area not directly affected. Terrorist attacks can range from bombings of facilities to cyber-attacks on the communication, power, or financial infrastructures. The goal of cyber-terrorism is to disrupt the functioning of information and communications systems. Unconventional attacks could also include the use of chemical, biological, or nuclear material. Bioterrorists may employ bacterial or viral agents with effects that are delayed, making prevention, response, and recovery problematic. While the probability of a full-scale nuclear attack is remote, it is necessary to address the readiness to deal with attacks on nuclear power plants and industries using nuclear materials and for attacks initiated by means of "dirty" nuclear devices, weapons combining traditional explosives with radioactive materials.

    Natural Disasters

    1. Fire

    A fire can result in loss of life, equipment, and data. Data center personnel must know what to do in the event of a fire to minimize these risks. Instructions and evacuation plans should be posted in prominent locations and should include the designation of an outside meeting place so personnel can be accounted for in an emergency and should include guidelines for securing or removing media if time permits. Fire drills should be periodically conducted to ensure personnel understand their responsibilities. Fire alarm boxes and emergency power switches should be clearly visible and unobstructed. All primary and backup facilities should be equipped with heat or smoke detectors. Ideally, these detectors should be located in the ceiling, in exhaust ducts, and under raised flooring. Detectors situated near air conditioning or intake ducts that hinder the build-up of smoke may not trigger the alarm. The emergency power shutdown should deactivate the air conditioning system. Walls, doors, partitions, and floors should be fire-resistant. Also, the building and equipment should be grounded correctly to protect against electrical hazards. Lightning can cause building fires, so lightning rods should be installed as appropriate. Local fire inspections can help in preparation and training.

    Additionally, dry pipe sprinkler systems should be used, which activate upon detection of a fire and fill the pipe with water only when required, thereby minimizing the risk of water damage from burst pipes. These systems should be the staged type, where the action triggered by a fire detector permits time for operator intervention before it shuts down the power or releases fire suppressants. Personnel should know how to respond to these automatic suppression systems as well as the location and operation of power and other shut-off valves. Waterproof covers should be located near sensitive equipment in the event that the sprinklers are activated. Hand extinguishers and floor tile pullers should be placed in easily accessible and clearly marked locations. The extent of fire protection required depends on the degree of risk an institution is willing to accept and local fire codes or regulations.

    2. Floods and Other Water Damage

    Facilities located in or near a flood plain expose units to increased risk. Units should take the necessary actions to manage that level of exposure. As water seeks the lowest level, critical records and equipment should be located on upper floors, if possible, to mitigate this risk. Raised flooring or elevating the wiring and servers several inches off the floor can prevent or limit the amount of water damage. In addition, institutions should be aware that water damage could occur from other sources such as broken water mains, windows, or sprinkler systems. If there is a floor above the computer or equipment room, the ceiling should be sealed to prevent water damage. Water detectors should be considered as a way to provide notification of a problem.

    3. Severe Weather

    A disaster resulting from an earthquake, hurricane, tornado, or other severe weather typically would have its probability of occurrence defined by geographic location. Given the random nature of these natural disasters, institutions located in an area that experiences any of these events should consider including appropriate scenarios in their business continuity planning process. In instances where early warning systems are available, management should provide procedures to be implemented prior to the disaster to minimize losses.

    4. Air Contaminants

    Some disasters produce a secondary problem by polluting the air for a wide geographic area. Natural disasters such as flooding can also result in significant mold or other contamination after the water has receded. The severity of these contaminants can impact air quality at an institution and even result in evacuation for an extended period of time. Business continuity planning should consider the possibility of air contamination and provide for evacuation plans and the shutdown of HVAC systems to minimize the risks caused by the contamination. Additionally, consideration should be given to the length of time the affected facility could be inoperable or inaccessible.

    5. Hazardous Chemical Spill

    The university is located near a major interstate highway, US highways, and rail lines. The risk of a chemical spill is real and must be factored into all BCPs. A leak or spill can result in air contamination, as described above, and chemical fires as well as other health risks. Institutions should make reasonable efforts to determine the types of chemicals being produced or transported nearby, obtain information about the risks each may pose, and take steps to mitigate such risks.


    Technical Disasters

    1. Communications Failure

    The distributed processing environment has resulted in an increased reliance on telecommunications networks for both voice and data communications to customers, third parties, and backup sites. Units lacking diversity in their telecommunications infrastructures may be susceptible to single points of failure in the event a disaster affects one or more of these critical systems.

    The university will make the effort to identify and document potential single points of failure within their internal and external communications systems. If arrangements are made with multiple telecommunications providers for diverse routing to achieve redundant systems in an attempt to mitigate this risk, management should, to the extent possible, identify common points of failure within these systems. One technique is to perform an end-to-end trace of all critical or sensitive circuits to search for single points of failure such as a common switch, router, PBX, or telephone central office.
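The end-to-end trace described above can be recorded as an ordered list of components per circuit and then checked mechanically for components that every circuit of a service depends on. The following Python example is added here as an illustration and is not part of the university's plan; the circuit IDs, service names, provider names, and component names are constructed sample data.

```python
from collections import defaultdict
from typing import NamedTuple


class Hop(NamedTuple):
    kind: str   # e.g. "switch", "router", "pbx", "central_office"
    name: str


class Circuit(NamedTuple):
    circuit_id: str
    service: str     # business function the circuit carries
    provider: str
    hops: tuple      # end-to-end trace: ordered Hop entries


# Constructed sample traces (hypothetical names, not taken from the plan).
SAMPLE_CIRCUITS = [
    Circuit("C1", "student-records-data", "Provider A",
            (Hop("router", "campus-edge-1"), Hop("switch", "bldg-a-core"),
             Hop("central_office", "CO-1"))),
    Circuit("C2", "student-records-data", "Provider B",
            (Hop("router", "campus-edge-2"), Hop("switch", "bldg-a-core"),
             Hop("central_office", "CO-2"))),
    Circuit("C3", "voice", "Provider A",
            (Hop("pbx", "main-pbx"), Hop("central_office", "CO-1"))),
    Circuit("C4", "voice", "Provider B",
            (Hop("pbx", "main-pbx"), Hop("central_office", "CO-2"))),
    Circuit("C5", "backup-site-link", "Provider A",
            (Hop("router", "campus-edge-1"), Hop("central_office", "CO-1"))),
    Circuit("C6", "backup-site-link", "Provider B",
            (Hop("router", "campus-edge-2"), Hop("central_office", "CO-2"))),
]


def failure_impact(circuits):
    """For each traced component, list the services its failure would take
    down entirely ("lost") and those left with reduced redundancy
    ("degraded")."""
    circuits_by_service = defaultdict(set)
    circuits_on_hop = defaultdict(set)
    for c in circuits:
        circuits_by_service[c.service].add(c.circuit_id)
        for hop in c.hops:
            circuits_on_hop[hop].add(c.circuit_id)

    impact = {}
    for hop, broken in circuits_on_hop.items():
        lost, degraded = set(), set()
        for service, ids in circuits_by_service.items():
            down = ids & broken
            if down == ids:
                lost.add(service)       # no surviving circuit for the service
            elif down:
                degraded.add(service)   # at least one circuit survives
        impact[hop] = {"lost": lost, "degraded": degraded}
    return impact


def single_points_of_failure(circuits):
    """Components whose failure alone removes every circuit of a service.
    A service with only one circuit reports every hop on that circuit."""
    return {hop: sorted(result["lost"])
            for hop, result in failure_impact(circuits).items()
            if result["lost"]}


if __name__ == "__main__":
    for hop, services in single_points_of_failure(SAMPLE_CIRCUITS).items():
        print(f"{hop.kind} {hop.name}: sole path for {', '.join(services)}")
```

In the sample data, two providers are used for every service, yet the shared building switch and the shared PBX still appear as single points of failure, which is the situation the trace is meant to expose.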

    In addition to restoring data communication lines with affiliates and vendors, restoration of communications with employees will be critical to any BCP. As an alternative to voice landlines, institutions should consider cell phones, two-way radios, text-based pagers, corporate and public e-mail systems, and Internet-based instant messaging. Another alternative would be to register and establish a standby World Wide Web home page that is activated during a disaster and is used to communicate information and individual requirements. Satellite phones may also be useful for communicating with key personnel.

    2. Power Failure

    The loss of power can occur for a variety of reasons, including storms, fires, malicious acts, brownouts, and blackouts. A power failure could result in the loss of computer systems, lighting, heating and cooling systems, and security and protection systems. Additionally, power surges can occur as power is restored, and without proper planning, can cause damage to equipment. As a means to control this risk, voltage entering the computer room should be monitored by a recording voltmeter and regulated to prevent power fluctuations.

    In the event of power failure, institutions should use an alternative power source, such as uninterruptible power supplies (UPS), or gasoline, kerosene, natural gas, or diesel generators. A UPS is essentially a collection of standby batteries that provide power for a short period of time. When selecting a UPS, an institution should make sure that it has sufficient capacity to provide ample time to shut down the system in an orderly fashion to ensure no data is lost or corrupted. Some UPS equipment can initiate the automated shutdown of systems without human intervention. If processing time is more critical, an organization may arrange for a generator, which will provide power to at least the mission critical equipment during extended power outages. Management should maintain an ample supply of fuel on hand and have arrangements for replenishment. One potential advantage of natural gas is that it is supplied by pipeline, avoiding the need to truck it in and maintain it on site. It is important to note that if a disruption is significant enough, it may result in the inability to obtain additional fuel. Further, fuel pumps and delivery systems may not be operable.

    It is also important to ensure alternative power supplies receive periodic maintenance and testing to maintain operability. The university will coordinate with local authorities on ordinances pertaining to the location of generators and the storage and delivery of fuel if such systems are determined to be needed.

    3. Equipment and Software Failure

    Equipment and software failures may result in extended processing delays and/or implementation of BCPs for various business units depending on the severity of the failure. The performance of preventive maintenance enhances system reliability and should be extended to all supporting equipment such as temperature and humidity control systems and alarm or detecting devices.

    4. Transportation System Disruptions

    Units should not assume regional or national transportation systems will continue to operate normally during a disruption. Air traffic and/or trains may be halted by natural or technical disasters, malicious activity, work stoppages, or accidents. This can adversely impact cashier operations and other business operations. Units should investigate the option of using private entities to mitigate disruptions.


    plan. For example, a modem used for backup may not provide the level of service required, or a line may satisfactorily transmit voice, but be insufficient in quality and speed for data transmission. The costs of various backup alternatives should be weighed against the level of risk protection provided by the alternatives. This assessment also should address costs associated with testing, since all components of a plan should be tested periodically, including the communications media.

    The BCP should address the practicality of each component. Selected alternatives should be able to accommodate the anticipated volumes or capacities at the necessary speeds to meet the established priorities. For example, several dial-up lines may not be a practical replacement for a T-1 line. Also, the backup plan should recognize availability and lead times required to employ certain components, such as installing additional lines or modems and multiplexers/concentrators at a recovery site.

    The university will play a key role in the maintenance of financial systems. Units should be aware of certain government programs and offices that work to coordinate and expedite the restoration or procurement of telecommunication services during an emergency. The Office of Priority Telecommunications (OPT) under the National Communications System (NCS) administers the Telecommunications Service Priority System (TSP) which ensures priority treatment of the nation's most important telecommunication services supporting national security and emergency preparedness missions. This means that TSP designated circuits will be the first to be repaired in an emergency. All non-federal users requesting TSP provisioning or restoration are required federal regulator for information on the TSP program and whether they qualify for a TSP designation.

    The university may qualify for sponsorship in the Government Emergency Telecommunications Service (GETS) card program. This program is also administered by NCS and provides emergency access and priority processing for voice communications services in emergency situations. Units that perform national security or emergency preparedness functions essential to the maintenance of the nation's economic posture during any national or regional emergency will qualify for program sponsorship.

    The unit BCP should consider the security of alternative components to ensure data integrity. Switching from fiber optics to wire pairs, dedicated to switched, or digital to analog may make the line more susceptible to a wiretap or to line noise, which can result in errors. Using dial-up lines could facilitate access by the public. Additionally, where warranted, alternate equipment selected should be checked to determine if it permits encryption. The relative importance of the applications processed and the extent to which an institution depends on its telecommunications system will determine the degree of backup required. Leadership should make a careful appraisal of its backup telecommunications requirements, decide on an effective plan, detail the procedures, and test its effectiveness periodically.


    APPENDIX D: Third-party Providers, Key Suppliers, and Business Partners

    Reliance on third-party providers, key suppliers, or business partners may expose the university to points of failure that may prevent resumption of operations in a timely manner. The risks in outsourcing information, transaction processing, and settlement activities include threats to the security, availability, and integrity of systems and resources, to the confidentiality of information, and to regulatory compliance. In addition, when a third party performs services on behalf of the institution, increased levels of credit, liquidity, transaction, and reputation risk can result. Institutions should review and understand service providers' BCPs and ensure critical services can be restored within acceptable timeframes based upon the needs of the institution. The contract should address the service provider's responsibility for maintenance and testing results and review audits to determine the adequacy of plans and the effectiveness of the testing process.

    If possible, the university may consider participating in their service provider's testing process. Contracts should include detailed business recovery timeframes that meet the business continuity planning needs of the institution. The university's business continuity planning process will include developing call lists necessary for contacting key individuals at the service provider's primary and recovery locations. The unit's BCP should also address how it will be exchanging information with its service providers should the institution be operating from an alternative location, e.g., transmission via a branch facility that has redundant telecommunications links with the service provider.

    Contracts

    The university contracts with third-party service providers and other vendors for disaster recovery assistance. These arrangements can be cost-effective since the cost of maintaining a dedicated recovery site can be substantial. When contracting with third-party providers for recovery services, institutions should consider:

    • Staffing: What kinds of technical support personnel is the service provider obligated to make available onsite to assist institution employees in getting the recovery site operating?

    • Processing Time Availability: Assuming other clients are also using the same recovery site, how much processing time is the institution entitled to on a particular computer system? Is the institution guaranteed a sufficient amount of processing time to handle the volume of work that will need to be done at the site?

    • Access Rights: Since most backup sites can be used by numerous clients, does the institution have a guaranteed right to use the site in case of an emergency? Alternatively, does the service provider accept clients on a first-come, first-serve basis until the recovery site is at full capacity?

    • Hardware and Software: Is the recovery site equipped with the precise computer hardware and software that the institution needs to continue operations? Will the institution be notified of changes in the equipment at the recovery site?

    • Security Controls: Does the recovery site have sufficient physical and logical security to adequately protect the institution's information assets?

    • Testing: Does the contract with the service provider permit the institution to perform at least one full-scale test of the recovery site annually? Does the service provider perform tests of its own BCP and submit test reports to the unit?

    • Confidentiality of Data: In the event other businesses are also using the recovery site, what steps will the service provider take to ensure the security and confidentiality of institution data? Has the service provider entered into an appropriate contract with the customer that addresses the requirements of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information?

    • Telecommunications: Has the service provider taken appropriate steps to ensure the recovery site will have adequate telecommunications services (both voice and data) for the number of personnel that will be working at that site and the volume of data transmissions that are anticipated?

    • Reciprocal Agreements: In the event the unit's recovery site is another university with whom there is a reciprocal agreement, does the other institution have sufficient excess computer capacity? Are the hardware and software at the recovery site compatible with the affected institution's systems? Will the unit be notified of changes in equipment at the recovery site?

    • Space: Does the recovery site have adequate space and related services to accommodate the affected institution's staff and enable them to conduct business? This may also include consideration of the space at the service provider or in the local community to provide food, toilets, medical supplies, family care, counseling, news, housing, and diversions to personnel.

    • Paper Files and Forms: Does the recovery site maintain a sufficient inventory of paper-based files and forms that are necessary to the conduct of the affected institution's business?

    • Printing Capacity/Capability: Does the recovery site maintain adequate printing capacity to meet the demand of the affected institution?

    • Contacts: Who in the unit is authorized to initiate use of the backup site? Who does the unit contact at the backup site?


    APPENDIX E: Technology Components

    The technology components that should be addressed in an effective BCP include:

    • Hardware: mainframe, network, end-user

    • Software: applications, operating systems, utilities

    • Communications (network and telecommunications)

    • Data files and vital records

    • Operations processing equipment

    • Office equipment

    Comprehensiveinventorieswillassistwiththebusinessresumptionandrecoveryeffortsandensureallcomponentsareconsideredduringplandevelopment.Planningshouldincludeidentifyingcriticalbusinessunitdatathatmayonlyresideonindividualworkstations,whichmayormaynotadheretoproperbackupschedules.Additionally,theplanshouldaddressvitalrecords,necessarybackupmethods,andappropriatebackupschedulesfortheserecords.Unitsshouldexercisecautionwhenidentifyingnon-criticalassets.Aunitstelephonebanking,Internetbanking,creditauthorization,orATMsystemsmaynotseemmissioncriticalwhen

    systemsareoperatingnormally.However,thesesystemsmayplayacriticalroleintheBCPandbeaprimarydeliverychanneltoservicecustomersduringadisruption.Similarly,aunitselectronicmailsystemmaynotappeartobemissioncritical,butmaybetheonlysystemavailableforemployeeorexternalcommunicationintheeventofadisruption.

    1. Data Center Recovery Alternatives

    The university will make formal arrangements for alternate processing capability in the event their data processing site becomes inoperable or inaccessible. The type of recovery alternative selected will vary depending on the criticality of the processes being recovered and the recovery time objectives. Recovery plan alternatives may take several forms and involve the use of another data center or installation, such as a third-party service provider. A legal contract or agreement should evidence recovery arrangements with a third-party vendor. The following are acceptable alternatives for data center recovery. However, institutions will be expected to describe their reasons for choosing a particular alternative and why it is adequate based on their size and complexity.

    Hot Site (traditional active/backup model): A hot site is fully configured with compatible computer equipment and typically can be operational within several hours. The university may rely on the services of a third party to provide backup facilities. The traditional active/backup model requires relocating, at a minimum, core employees to the alternative site. This model also requires backup media to be transferred off-site on at least a daily basis. Large units that operate critical real-time processing operations or critical high-volume processing activities should consider mirroring or vaulting. If a unit is relying on a third party to provide the hot site, there remains a risk that the capacity at the service provider may not be able to support their operations in the event of a regional or large-scale event. Smaller offices may contract for a mobile hot site, i.e., a trailer outfitted with the necessary computer hardware that is towed to a predetermined location in the event of a disruption and connected to a power source.


    Duplicate Facilities/Split Operations (active/active model): Under this scenario, two or more separate, active sites provide inherent backup to one another. Each site has the capacity to absorb some or all of the work of the other site for an extended period of time. This strategy can provide almost immediate resumption capacity depending on the systems used to support the operations and the operating capacity at each site. The maintenance of excess capacity at each site and added operating complexity can have significant costs. Even using the active/active model, current technological limitations preclude wide geographic diversity of data centers that use real-time, synchronous data mirroring backup technologies. However, other alternatives beyond synchronous mirroring may be available to allow for greater distance separation.

    Cold Site: Cold sites are locations that are part of a longer-term recovery strategy. A cold site provides a backup location without equipment, but with power, air conditioning, heat, electrical, network and telephone wiring, and raised flooring. An example of a situation when a cold site can be a viable alternative is when the unit has recovered at another location, such as a hot site, but needs a longer term location while their data center is being rebuilt. Cold sites typically can take up to several weeks to activate. Institutions may rely on the services of a third party to provide cold site facilities or may house such a facility at another location, such as a branch or other operations center.

    Tertiary Location: Some units have identified the need to have a third location or a backup to the backup. These tertiary locations provide an extra level of protection in the event neither the primary location nor the secondary location is available. Moreover, a tertiary location becomes the primary backup location in the event the institution has declared a disaster and is operating out of contingency or secondary site.

    The university may enter into agreements, commonly referred to as Reciprocal Agreements, with other institutions to provide equipment backup. This arrangement is usually made on a best-effort basis, whereby institution A promises to back up institution B as long as institution A has time available and vice versa. In the vast majority of cases, reciprocal agreements are unacceptable because the institution agreeing to provide backup has insufficient excess capacity to enable the affected institution to process its transactions in a timely manner. If an institution chooses to enter into a reciprocal agreement and can establish that such an arrangement will provide an acceptable level of backup, the agencies expect such an agreement to be in writing and to obligate unit A to make available sufficient processing capacity and time. The agreement should also specify that each unit will be notified of equipment and software changes at the other units.

    2. Backup Recovery Facilities

    The recovery site should be tested at least annually and when equipment or application software is changed to ensure continued compatibility. Additionally, the recovery facility should exhibit a greater level of security protection than the primary operations site since the people and systems controlling access to the recovery site will not be as familiar with the relocated personnel using it. This security should include physical and logical access controls to the site as well as the computer systems. Further, the BCP and recovery procedures should be maintained at the alternative and off-site storage locations.

    Regardless of which recovery strategy is utilized, the recovery plan should address how any backlog of activity and/or lost transactions will be recovered. The plan should identify how transaction records will be brought current from the time of the disaster and the expected recovery time frames.

    Alternative workspace capacity is just as important as alternative data processing capabilities. Management should arrange for workspace facilities and equipment for employees to conduct ongoing business functions.

    3. Geographic Diversity

    When determining the physical location of an alternate processing site, management should consider geographic diversity. Units should consider the geographic scope of disruptions and the implications of a citywide disruption or even a regional disruption. The distance between primary and backup locations should consider recovery time objectives and business unit requirements. Locating a backup site too close to the primary site may not insulate it sufficiently from a regional disaster. Alternatively, locating the backup site too far away may make it difficult to relocate the staff necessary to operate the site. If relocation of staff is necessary to resume business operations at the alternate site, consideration should be given to their willingness to travel due to the events, the modes of transportation available, and if applicable, lodging and living expenses for employees that relocate. When evaluating the locations of alternate processing sites, it is also important to subject the secondary sites to a threat scenario analysis.

    4. Backup and Storage Strategies

    Institution management should base decisions on software and data file backup on the criticality of the software and data files to the financial institution's operations. In establishing backup priorities, management should consider all types of information and the potential impact from loss of such files. This includes financial, regulatory, and administrative information, and operating, application, and security software. In assigning backup priority, management should perform a risk assessment that addresses whether:

    The loss of these files would significantly impair the unit's operations

    The files are being used to manage university assets or to make decisions regarding their use

    The files contain updated security and operating system configurations that would be necessary to resume operations in a secure manner

    The loss of the files would result in lost revenue, critical information, or vital research

    Any inaccuracy or data loss would result in significant impact on the institution (including reputation) or its customers

    The frequency of file backup also depends on the criticality of the application and data. Critical data should be backed up using the multiple generation (i.e., grandfather-father-son, etc.) method and rotated to an off-site location at least daily. Online/real-time or high-volume systems may necessitate more aggressive backup methods such as mirroring or electronic vaulting at a separate processing facility to ensure appropriate backup of operations, as an alternative to backup tape storage.

    Backup tape storage remains a viable solution for many units. However, when a unit's primary backup media is tape storage, backup tapes should be sent to the off-site storage as soon as possible and should not reside at their original location overnight. Backup media, especially tapes, should be periodically tested to ensure they are still readable. Tapes repeatedly used or subjected to extreme variations in temperature or humidity may become unreadable, in whole or part, over time.

    Remote journaling is the process of recording transaction logs or journals at a remote location. These logs and journals are used to recover transaction and database changes since the most recent backup. Backup of operating system software and application programs must be performed whenever they are modified, updated, or changed.

    5. Data File Backup

    One of the most critical components of the backup process involves the university's data files, regardless of the platform on which the data is located. Units must be able to generate a current master file that reflects transactions up to the point in time of the disruption. Data files should be backed up both on site and off-site to provide recovery capability. Retention of current data files, or older master files and the transaction files necessary to bring them current, is important so that processing can continue in the event of a disaster or other disruption. The creation and rotation of core processing data file backup should occur at least daily, more frequently if the volume of processing or online transaction activity warrants. Less critical data files may not need to off-site in a timely manner and not be returned until new backup files are off-site.
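    The recovery step described in sections 4 and 5 (replaying remotely journaled transactions onto an older master file to bring it current) can be sketched as follows. This is an added example, not part of the university's plan; the record layout, the hash chaining of journal entries, and all account names and amounts are assumptions constructed for illustration.

```python
import hashlib
import json

def entry_digest(seq, account, delta_cents, prev_digest):
    """Chain each journal entry to its predecessor so edits are detectable."""
    payload = json.dumps([seq, account, delta_cents, prev_digest]).encode()
    return hashlib.sha256(payload).hexdigest()

def append_entry(journal, account, delta_cents):
    """Record one transaction in the remote journal (a list of dicts here)."""
    seq = journal[-1]["seq"] + 1 if journal else 1
    prev = journal[-1]["digest"] if journal else ""
    journal.append({"seq": seq, "account": account, "delta": delta_cents,
                    "digest": entry_digest(seq, account, delta_cents, prev)})

def recover_master(backup, journal):
    """Replay journal entries newer than the backup onto a copy of its balances.

    Returns (master, last_seq_applied, problem). Replay stops at the first
    missing or altered entry, so the caller knows exactly from which sequence
    number transactions must be re-entered from other records.
    """
    master = dict(backup["balances"])  # never modify the backup itself
    last_seq, prev = backup["last_seq"], backup["last_digest"]
    for e in sorted(journal, key=lambda e: e["seq"]):
        if e["seq"] <= last_seq:
            continue  # already reflected in the backup or already applied
        if e["seq"] != last_seq + 1:
            return master, last_seq, "gap: expected seq %d, found %d" % (
                last_seq + 1, e["seq"])
        if e["digest"] != entry_digest(e["seq"], e["account"], e["delta"], prev):
            return master, last_seq, "integrity failure at seq %d" % e["seq"]
        master[e["account"]] = master.get(e["account"], 0) + e["delta"]
        last_seq, prev = e["seq"], e["digest"]
    return master, last_seq, None

def build_sample():
    """Constructed data: five journaled transactions, backup taken after the second."""
    journal = []
    for account, delta in [("A-100", 50000), ("B-200", 25000), ("A-100", -12000),
                           ("C-300", 7500), ("B-200", -5000)]:
        append_entry(journal, account, delta)
    backup = {"last_seq": 2, "last_digest": journal[1]["digest"],
              "balances": {"A-100": 50000, "B-200": 25000}}
    return backup, journal

if __name__ == "__main__":
    backup, journal = build_sample()
    print(recover_master(backup, journal))
    # A journal missing entry 4 can only be replayed through entry 3.
    print(recover_master(backup, [e for e in journal if e["seq"] != 4]))
```

    The sequence number at which replay stops marks where the backlog of lost transactions begins, which is the figure the recovery plan needs when it states how records will be brought current.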

    6. Software Backup

    Software backup for all hardware platforms consists of three basic areas: operating system software, application software, and utility software. All software and related documentation should have adequate off-premises storage. Even when using a standard software package from one vendor, the software can vary from one location to another. Differences may include parameter settings and modifications, security profiles, reporting options, account information, or other options chosen by the institution during or subsequent to system implementation. Therefore, comprehensive backup of all critical software is essential. The operating system software should be backed up with at least two copies of the current version. One copy should be stored in the tape and disk library for immediate availability in the event the original is impaired; the other copy should be stored in a secure, off-premises location. Duplicate copies should be tested periodically and recreated whenever there is a change to the operating system. Application software, which includes both source (if the institution has it in its possession) and object versions of all application programs, should be maintained in the same manner as the operating system software. Backup copies of the programs should be updated as program changes are made.

    Given the increased reliance on the distributed processing environment, adequate backup resources and procedures for local area networks and wide area networks are important. Management should ensure that all appropriate programs and information are backed up. Depending on the size of the unit and the nature of anticipated risks and exposures, the time spent backing up data is minimal compared with the time and effort necessary for restoration. Files that can be backed up within a short period of time may require days, weeks, or months to recreate from hard copy records, assuming hard copy records are available. Comprehensive and clear procedures are necessary to recover critical networks and systems. Procedures should, at a minimum, include:

    Frequency of update and retention cycles for backup software and data

    Periodic review of software and hardware for compatibility with backup resources

    Periodic testing of backup procedures for effectiveness in restoring normal operations

    Guidelines for the labeling, listing, transportation, and storage of media

    Maintenance of data file listings, their contents, and locations

    Hardware, software, and network configuration documentation

    Controls to minimize the risks involved in the transfer of backup data, whether by electronic link or through the physical transportation of diskettes and tapes to and from the storage site

    Controls to ensure data integrity, client confidentiality, and the physical security of hard copy output, media, and hardware

    7. Off-site Storage

    The off-site storage location should be environmentally controlled and secure with procedures for restricting physical access to authorized personnel. Moreover, the off-site premises should be an adequate distance from the computer operations location so that both locations will not be impacted by the same event. Beyond a copy of the BCP, duplicate copies of all necessary procedures including end of day, end of month, end of quarter and procedures covering relatively rare and unique issues should be stored at the off-site locations. Another alternative to consider would be to place the critical information on a secure shared network drive with the data backed up during regularly scheduled network backup. However, this shared drive should be in a different physical location that would not be affected by the same disruption.

    Management needs to maintain a certain level of non-networked (e.g., hard copy) material in the event that the network environment is not available for a period of time. Reserve supplies, such as forms, manuals, letterhead, etc., should also be maintained in appropriate quantities at an off-site location and management should maintain a current inventory of what is held in the reserve supply.


    APPENDIX F: BCP & Personnel Components

    Based on the BIA, the BCP should assign responsibilities to management, specific personnel, teams, and service providers. The plan should identify integral personnel that are needed for successful implementation of the plan and develop contingencies to be implemented should those employees not be available. Additionally, vendor support should be identified. The BCP should address:

    How will decision making succession be determined in the event of the loss of management personnel?

    Who will be responsible for leading the various BCP Teams (e.g., Crisis/Emergency, Recovery, Technology, Communications, Facilities, Human Resources, Business Units and Processes, Customer Service)?

    Who will be the primary contact with critical vendors, suppliers, and service providers?

    Who will be responsible for security (information and physical)?

    Planning should also consider personnel resources necessary for decision making and staffing at alternate facilities under various scenarios. Key personnel should be identified to make decisions regarding efforts to provide for renovating or rebuilding the primary facility. This could require personnel beyond what is necessary for ongoing business continuity efforts.

    Finally, the business continuity planning coordinator and/or planning committee should be given responsibility for regularly updating the BCP on at least an annual basis and after significant changes to the operations and environment.


    APPENDIX G: Facilities

    The BCP should address site relocation for short-, medium- and long-term disaster and disruption scenarios. Continuity planning for recovery facilities should consider location, size, capacity (computer and telecommunications), and required amenities necessary to recover the level of service required by the critical business functions. This includes planning for workspace, telephones, workstations, network connectivity, etc. When determining an alternate processing site, management should consider scalability in the event a long-term disaster becomes a reality. Additionally, during the recovery period, the BCP should be reassessed to determine if tertiary plans are warranted. Procedures to utilize at the recovery location should be developed. In addition, any files, input work, or specific forms, etc., needed at the backup site should be specified in the written plan. The plan should include logistical procedures for moving personnel to the recovery location in addition to steps to obtain the materials (media, documentation, supplies, etc.) from the off-site storage location. Plans for lodging, meals, and family considerations may be necessary.


    APPENDIX H: Communication

    Communication is a critical aspect of a BCP and should include communication with emergency personnel, employees, directors, regulators, vendors/suppliers (detailed contact information), customers (notification procedures), and the media (designated media spokesperson). Alternate communication channels should be considered such as cellular telephones, pagers, satellite telephones, and Internet-based communications such as e-mail or instant messaging.


    APPENDIX I: Other Considerations

    Each unit is different and processes will vary. However, management should consider how to accomplish the following:

    Prevention, mitigation, and preparedness

    Reconciling recovery times with business unit requirements

    Disaster declaration and plan implementation processes

    Recovery progress reporting

    Training of personnel and testing of the plans
