Download - Business Continuity Planfor University
-
8/3/2019 Business Continuity Planfor University
1/53
P lan Annex
BUSINESS CONTINUITY
2011
-
8/3/2019 Business Continuity Planfor University
2/53
Published Spring 2011
-
8/3/2019 Business Continuity Planfor University
3/53
-
8/3/2019 Business Continuity Planfor University
4/53
-
8/3/2019 Business Continuity Planfor University
5/53
-
8/3/2019 Business Continuity Planfor University
6/53
-
8/3/2019 Business Continuity Planfor University
7/53
Table of Contents
Record of Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
A. Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
B. Plan Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
C. Concept of Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
D. Senior Leadership Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
E. Business Continuity Planning Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
F. Business Impact Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
G. Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
H. Risk Management / Business Continuity Plan Development . . . . . . . . . . . . . . . . . . . 9
I. Other Policies, Standards, and Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
J. Risk Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
K. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
A. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
B. Internal and External Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
C. Interdependencies Telecommunications Infrastructure . . . . . . . . . . . . . . . . . . . . 27
D. Third-party Providers, Key Suppliers, and Business Partners . . . . . . . . . . . . . . 29
E. Technology Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
F. BCP and Personnel Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37G. Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
H. Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
I. Other Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
-
8/3/2019 Business Continuity Planfor University
8/53
-
8/3/2019 Business Continuity Planfor University
9/53
B u s i n e s s C o n t i n u i t y P l an A n n e x
RECORD OF CHANGES
Change # Date of Change Change Entered By Date Entered
-
8/3/2019 Business Continuity Planfor University
10/53
A. AUTHORITY
1. Federal
Homeland Security Presidential Directive/HSPD-5, Management of Domestic
Incidents
NFPA Standard 1600: Standard on Disaster/Emergency Management and BusinessContinuityPrograms
NFPA 1561 Standard on Emergency Services Incident Management System
2005Edition
NFPA72AnnexEMassNoticationSystems
2. State of Texas
Texas Administrative Code Title 1 Part 10 Chapter 202 Subchapter C Rule
202.74
TexasExecutiveOrderRP57
Texas Department of Information Resources: Business Continuity Planning Guidelines.December2004
NationalResponseFramework
NationalIncidentManagementSystem
JointCommissionforAccreditationofHealthOrganizations:StandardEC1.4
3. The University of Texas System
MemotoChancellorYudofdatedJuly20,2007:Subject:SurveyonEmergency
andIncidentResponseExercises
B. PLAN REVIEW
TheBusiness Continuity Plan AnnexisacomponentoftheEmergency Management Plan.
TheBusiness Continuity Plan Annex willbe reviewedannually andwillbe updatedand
revisedasappropriate.
Interimrevisionswillbemadewhenoneofthefollowingoccurs:
A change in university site or facility conguration that materially alters the
informationcontainedintheplanormateriallyaffectsimplementationoftheplan
Amaterialchangeinresponseresources
Anincidentoccursthatrequiresareview
Internal assessments, third party reviews, or experience in drills or actual
responsesidentifysignicantchangesthatshouldbemadeintheplan
Newlaws,regulations,orinternalpoliciesareimplementedthataffectthecontents
ortheimplementationoftheplan
Otherchangesdeemedsignicant
Planchanges,updates,andrevisionsaretheresponsibilityoftheassociatevicepresident
for CampusSafety andSecurity whowill ensure thatany plan changes are distributed
accordingly.
2
-
8/3/2019 Business Continuity Planfor University
11/53
B u s i n e s s C o n t i n u i t y P l an A n n e x
C. CONCEPT OF OPERATIONS
The Business Continuity Plan Annex provides guidance to university colleges, schools,
departments, and agencies to ensure nancial integrity and continuity of service to the
community in theeventofanaturalorman-madedisaster.The businesscontinuityplan
(BCP) is an annex of theEmergency Management Plan. All emergency planning andresponseprovisionsofthatdocumentandotherannexareineffect.ThisBCPandunitplans
alladdressthefourphasesofemergencyplanning(mitigation,preparedness,response,and
recovery)buttheBCPhasspecialemphasisontherecoveryphase.
Operatingdisruptionscanoccurwithorwithoutwarning,andtheresultsmaybepredictable
orunknown.Itisimportantthatthethreemissions(teaching,research,andservice)ofthe
universityaresustainedduringanyemergency.Firstpriorityisalwaysthesafetyofthestaff,
faculty,students,andvisitors.TheuniversityEmergency Management Planaddressesactions
toprotectlifeandproperty.Thisannexfocusesonbusinessoperationsandthesustenance
ofcriticalfunctionsfortheuniversity.Businessoperationsfortheuniversitymustberesilientand the effectsofdisruptions inservicemustbeminimized inorder tomaintain campus
trust and condence.Effectivebusiness continuityplanning establishes thebasis forthe
universitytomaintainandrecoverbusinessprocesseswhenoperationshavebeendisrupted
unexpectedly.
Business continuity planning is the processwhereby the university and the subordinate
componentsattempttoensurethemaintenanceorrecoveryofoperations,includingservices,
whenconfrontedwithadverseeventssuchasnaturaldisasters,technologicalfailures,human
error,orterrorism.
Theobjectivesof thisBCParetominimizenancial losstotheuniversityorcomponents;
continuetoappropriatelyservestudents,staff,faculty,andvisitors;andmitigatetheeffects
disruptionscanhaveontheuniversitysstrategicplans,reputation,operations,andabilityto
remainincompliancewithapplicablelawsandregulations.Changingbusinessprocesses
(internallytotheuniversityandexternallytothebroadercommunity)andnewthreatscenarios
requiretheuniversitytomaintainupdatedandviableBCPsatalltimes.
Newbusinesspractices,changesin technology,andincreased terrorismconcerns,have
focusedevengreaterattentionontheneedforeffectivebusinesscontinuityplanningand
havealteredthebenchmarksofaneffectiveplan.ThisBCPwilltakeintoaccountthepotential
forwide-areadisastersthateffectanentireregionandfortheresultinglossorinaccessibility
ofstaff.ThisBCPalsoconsidersandaddressestheinterdependenciesofalluniversityunits
aswellasinfrastructure.Inmostcases,recoverytimeobjectivesarenowmuchshorterthan
theywereevenafewyearsago,andforsomeunitsrecoverytimeobjectivesarebasedon
hoursandevenminutes.
Departments and agencies of the university should incorporate business continuity
considerationsintobusinessprocessdevelopmenttomitigateproactivelytheriskofservice
disruptions.IncreatinganeffectiveBCP,universitycomponentsshouldnotassumeareduced
demandforservicesduringthedisruption.Infact,demandforsomeservicesmayincrease.
-
8/3/2019 Business Continuity Planfor University
12/53
Thisplanrecognizedthatwhiletechnologywastheprimarybasisforconcern,anenterprise-wide,process-orientedapproach thatconsiders technology,business processes, testing,andcommunicationstrategiesiscriticaltobuildingaviableBCP.
Eachcollege,school,departmentandunitofTheUniversityofTexasatAustinisrequiredto
participateinthedevelopmentofaBCPtoaddressdisruptions.Theunitlevelatwhichthisplanwillbedevelopedwillbedeterminedbytheprovost,responsibledean,orvicepresident.Thisplanwillinclude:
BusinessImpactAnalysis RiskAnalysis RiskAssessment PlanComponents
Strategy PreventionMeasure MitigationMeasures EmergencyResponse UnitContinuityandSuccessionofLeadership EmergencyCommunications ResourceManagementandLogistics MutualAid(InternalandExternal)
TrainingandAwareness ExerciseandTesting
Theuniversitywillensurecoordinationwiththefollowingexternalagencies:
TheCityofAustinOfceofEmergencyManagement GovernorsOfceDivisionofEmergencyManagement
DepartmentofStateHealthServices Otheragenciesasdetermined Coordination with Strategic Leadership Council (Information Resources) on technologymigrationplansinordertoenhancecontinuityoperationsthroughthe acquisitionofnewtechnology
D. SENIOR LEADERSHIP RESPONSIBILITIES
Action Summary
Theuniversityseniorleadershiptoincludedeans,vicepresidents,associatevicepresidents,directors,andequivalentsareresponsiblefor:
AllocatingsufcientresourcesandknowledgeablepersonneltodeveloptheBCP Developingacontinuityandsuccessionofleadership Settingpolicybydetermininghowtheinstitutionwillmanageandcontrolidentied risk ApprovingtheBCPonanannualbasis Conductinganddocumentingabusinesscontinuityriskassessmentannuallyin accordancewithTAC202.72thatidentiesmissioncriticalbusinessprocesses EnsuringtheBCPiskeptup-to-dateandemployeesaretrainedandawareoftheir
roleinitsimplementation
4
-
8/3/2019 Business Continuity Planfor University
13/53
B u s i n e s s C o n t i n u i t y P l an A n n e x
Seniorleadership,asnotedabove,areresponsible foridentifying,assessing,prioritizing,
managing, andcontrolling risks.Theymust ensurenecessary resources aredevoted to
creating,maintaining,andtestingtheplan.
These leaders fulll their business continuity planning responsibilities by setting policy,
prioritizingcriticalbusinessfunctions,allocatingsufcientresourcesandpersonnel,providingoversight, approving theBCP, providing training, andensuringmaintenanceofa current
plan.
Theeffectivenessofbusiness continuityplanning depends on theuniversitys leadership
commitmentand abilitytoclearly identifywhatmakesexistingbusinessprocesseswork.
Eachcollege,school,department,orunitmustevaluateitsownuniquecircumstancesand
environmenttodevelopacomprehensiveBCP.
Attheuniversity,allbusinesscontinuityplanningwillbecoordinatedbytheassociatevice
presidentofCampusSafetyandSecuritythroughtheOfceofEmergencyPreparedness.Whiletheplanningpersonnelmayrecommendcertainprioritization,theseniorleadershipof
theuniversityisresponsibleforunderstandingcriticalbusinessprocessesandsubsequently
establishingplanstomeetbusinessprocessrequirementsinasafeandsoundmanner.
E. BUSINESS CONTINUITY PLANNING PROCESS
Action Summary
TheuniversityBCPplanningprocessreectsthefollowingobjectives: Businesscontinuityplanningisaboutmaintaining,resuming,andrecoveringthe
business,notjusttherecoveryofthetechnology.
Theplanningprocessshouldbeconductedonanenterprise-widebasis.
Athoroughbusinessimpactanalysisandriskassessmentarethefoundationof
aneffectiveBCP.
The effectiveness ofaBCP canonly be validated throughtesting or practical
application.
TheBCPwillbeupdatedatleastannuallytoreectandrespondtochangesin
thenancialinstitutionoritsserviceprovider(s).
Theuniversitywillconductbusinesscontinuityplanningonanenterprise-widebasis.Colleges,
schools,departments,andunitsmustconsiderthecriticalaspectsofitsbusinessoperations
increatingaplanforhowitwillrespondtodisruptions.Thisplanisnotlimitedtotherestoration
ofinformationtechnologysystems,services,ordatamaintainedinelectronicform,assuch
actions,bythemselves, cannotalwaysput aunitback inoperation.WithoutaBCPthat
considers every critical business function, including personnel, physical workspace, and
similarissues,theuniversitymaynotbeabletoresumeormaintainitsteaching,research,and
communityservicemissionsatanacceptablelevel.Theuniversityrecognizesthesystemic
impactthatservicedisruptionsmayhaveontheintegrityoftheuniversity.
-
8/3/2019 Business Continuity Planfor University
14/53
Universitycolleges,schools,departments,andunitsmustupdatetheirBCPsasbusiness
processeschange.Forexample,theuniversityisincreasinglyrelyingondistributednetwork
solutions to support business processes. This increased reliance can include desktop
computersmaintainingkeyapplications.Whiledistributednetworkingprovidesexibilityin
allowingtheuniversitytodeliveroperationstowhereemployeesandcustomersarelocated,
italsomeansthatend-usersshouldkeepBCPpersonnelup-to-dateonwhatconstitutescurrent business processes and signicant changes. Technological advancements are
allowingfasterandmoreefcientprocessing,therebyreducingacceptablebusinessprocess
recoveryperiods.
Inresponsetocompetitiveandcustomerdemands,manyunitsaremovingtowardshorter
recovery periods anddesigning technology recovery solutions into business processes.
These technological advancements increase the importance of university-widebusiness
continuityplanning.AlluniversityBCPsfocusonaprocess-orientedapproachtobusiness
continuityplanningthatinvolves:
BusinessImpactAnalysis(BIA) RiskAssessment
RiskManagement
RiskMonitoring
Businesscontinuityplanningshouldcenteronallcriticalbusinessfunctionsthatmusttobe
recoveredtomaintainoperations.TheBCPmustbeviewedasonecriticalaspectofthe
university-wideprocess.Thereviewof eachcriticalbusiness functionshould include the
technologythatsupportsit.
F. BUSINESS IMPACT ANALYSIS
Action Summary
Abusinessimpactanalysis(BIA)istherststepindevelopingaBCP.Itshouldinclude:
Identicationofthepotentialimpactofuncontrolled,non-speciceventsonthe
institutionsbusinessprocessesanditscustomers
Considerationofalldepartmentsandbusinessfunctions,notjustdataprocessing
Estimation of maximum allowable downtime and acceptable levels of data,
operations,andnanciallosses
TherststepforunitsoftheuniversitytodevelopaBCPistoperformaBIA.Theamountof
timeandresourcesnecessarytocompletetheBIAwilldependonthesizeandcomplexityof
theunit.Attheuniversity,allbusinessfunctionsandunitsmustbeincludedintheplanning
process,notjustdataprocessing.
TheBIAphaseidenties thepotential impactof uncontrolled,non-speciceventsonthe
universitysbusinessprocesses.TheBIAphasealsoshoulddeterminewhatandhowmuch
isat riskby identifying critical business functions and prioritizing them. TheBIA should
estimatethemaximumallowabledowntimeforcriticalbusinessprocesses,recoverypoint
objectivesandbackloggedtransactions,andthecostsassociatedwithdowntime.
6
-
8/3/2019 Business Continuity Planfor University
15/53
-
8/3/2019 Business Continuity Planfor University
16/53
Many unitswithin theuniversityhave used theEnterpriseRiskManagementSystem to
analyzerisk.Thisplanningtoolisusefulindevelopingthenecessaryriskinformation.This
riskassessmentstepiscriticalandhassignicantbearingonwhetherbusinesscontinuity
planning effortswill be successful. If the threat scenarios developed are unreasonably
limited,theresultingBCPmaybeinadequate.Duringtheriskassessmentstep,business
processesandthebusiness impactanalysisassumptionsarestress testedwith variousthreatscenarios.Thiswillresultinarangeofoutcomes,somethatrequirenoactionfor
business processes tobesuccessfulandothersthatwill require signicantBCPs tobe
developedandsupportedwithresources(nancialandpersonnel).
TheOfceofCampusSafetyandSecuritywillworkwithuniversityunitstodeveloprealistic
threatscenariosthatmaypotentiallydisrupttheirbusinessprocessesandabilitytomeetthe
expectationsofstudents,staff,faculty,andvisitors.Threatscantakemanyforms,including
maliciousactivityaswellasnaturalandtechnicaldisasters.Wherepossible,unitsshould
analyzeathreatbyfocusingonitsimpactontheentity,notthenatureofthethreat.For
example, theeffects ofcertain threatscenarios canbe reduced tobusiness disruptionsthataffectonlyspecicworkareas,systems,facilities(i.e.,buildings),orgeographicareas.
Additionally,themagnitudeofthebusinessdisruptiondependsuponawidevarietyofthreat
scenariosbasedonpracticalexperiencesandpotentialcircumstancesandevents.Ifthreat
scenariosarenotcomprehensive,theBCPsmaybetoobasicandomitreasonablesteps
thatcouldimprovebusinessprocessesresiliencytodisruptions.Threatscenariosshould
considertheimpactofadisruptionandprobabilityofthethreatoccurring.
Threatsthatcouldimpactaunitcanrangefromthosewithahighprobabilityofoccurrence
andlowimpacttotheunitoruniversity(e.g.,briefpowerinterruptions),tothosewithalow
probabilityofoccurrenceandhighimpactontheinstitution(e.g.,hurricane,terrorism).High
probabilitythreatsareoftensupportedbyveryspecicBCPs.However,themostdifcult
threatstoaddressarethosethathaveahighimpactontheuniversitybutalowprobabilityof
occurrence.Usingariskassessment,BCPsmaybemoreexibleandadaptabletospecic
typesofdisruptionsthatmaynotbeinitiallyconsidered.
Itisatthispointinthebusinesscontinuityplanningprocessthatuniversityunitsmustperform
agapanalysis.Inthiscontext,agapanalysisisamethodicalcomparisonofwhattypesof
plans theunit needs tomaintain, resume,or recovernormalbusiness operationsin the
eventofadisruptionversuswhattheexistingBCPprovides.Thedifferencebetweenthetwo
highlightsadditionalriskexposurethatmanagementandtheboardneedtoaddressinBCP
development.Theriskassessmentconsiders:
Theimpactofvariousbusinessdisruptionscenariosonboththeinstitutionand
thestudents,staff,faculty,andvisitors
Theprobabilityofoccurrencebased, forexample,onaratingsystemofhigh,
medium,andlow
The loss impact on information services, technology, personnel, facilities, and
serviceprovidersfrombothinternalandexternalsources
Thesafetyofcriticalprocessingdocumentsandvitalrecords
Abroadrangeofpossiblebusinessdisruptions,includingnatural,technical,and
humanthreats
8
-
8/3/2019 Business Continuity Planfor University
17/53
B u s i n e s s C o n t i n u i t y P l an A n n e x
When assessing the probability of a specic event occurring, units should consider the
geographiclocationoffacilitiesandtheirsusceptibilitytonaturalthreats(e.g.,locationina
oodplain)andtheproximitytocriticalinfrastructures(e.g.,powersources,nuclearpower
plants,airports,pointsofinterest,majorhighways,railroads).Theriskassessmentshould
includealllocationsandfacilities.Worst-casescenarios,suchasdestructionofthefacilities
andlossoflife,shouldbeconsidered.Attheconclusionofthisphase,theunitwillhaveprioritized business processesand estimatedhow theymay bedisrupted under various
threatscenarios.
H. RISK MANAGEMENT / BUSINESS CONTINUITY PLANDEVELOPMENT
Action Summary
Risk management is thedevelopmentof a written, enterprise-wideBCP. The institution
shouldensurethattheBCPis:
Writtenanddisseminatedsothatvariousgroupsofpersonnelcanimplementitin
atimelymanner
Specicregardingwhatconditionsshouldpromptimplementationoftheplan
Specicregardingwhatimmediatestepsshouldbetakenduringadisruption
Flexible to respond to unanticipated threat scenarios and changing internal
conditions
Focusedonhowtogetthebusinessupandrunningintheeventthataspecic
facilityorfunctionisdisrupted,ratherthanontheprecisenatureofthedisruption
Effectiveinminimizingservicedisruptionsandnancialloss
AfterconductingtheBIAandriskassessment,managementshouldprepareawrittenBCP.
The plan shoulddocument strategiesandprocedures tomaintain, resume, and recover
criticalbusinessfunctionsandprocessesandshouldincludeprocedurestoexecutetheplans
prioritiesforcriticalversusnon-criticalfunctions,services,andprocesses.TheBCPshould
describeinsomedetailthetypesofeventsthatwouldleaduptotheformaldeclarationof
adisruptionand theprocess forinvoking theBCP. Itshoulddescribe theresponsibilities
andprocedurestobefollowedbyeachcontinuityteamandcontaincontactlistsofcritical
personnel.TheBCPshoulddescribeindetailtheprocedurestobefollowedtorecovereach
businessfunctionaffectedbythedisruptionandshouldbewritteninsuchawaythatvariousgroupsofpersonnelcanimplementitinatimelymanner.
Aspreviouslydiscussed,aBCPismorethanrecoveryofthetechnology,butratherarecovery
ofallcriticalbusinessoperations.Theplanshouldbeexibletorespondtochanginginternal
and external conditionsand new threatscenarios.Rather than being developed around
specicevents(e.g.revs.tornado),theplanwillbemoreeffectiveifitiswrittentoadequately
addressspecictypesofscenariosandthedesiredoutcomes.ABCPshoulddescribethe
immediatestepstobetakenduringaneventinordertominimizethedamagefromadisruption
aswellastheactionnecessaryto recover.Thus,businesscontinuityplanningshouldbe
-
8/3/2019 Business Continuity Planfor University
18/53
focusedonmaintainingandresuming.Recoveringunitswouldrespondif:
Criticalpersonnelarenotavailable
Criticalbuildings,facilities,orgeographicregionsarenotaccessible
Equipmentmalfunctions (hardware, telecommunications,operationalequipment)
Softwareanddataarenotaccessibleorarecorrupted
Vendorassistanceorserviceproviderisnotavailable Utilitiesarenotavailable(power,telecommunications)
Criticaldocumentationand/orrecordsarenotavailable
UnitsshouldcarefullyconsidertheassumptionsonwhichtheBCPisbased.Plannersshould
notassumeadisasterwillbelimitedtoasinglefacilityorasmallgeographicarea.Units
shouldnotassumetheywillbeabletogainaccesstofacilitiesthathavenotbeendamaged
orthatcriticalpersonnel(includingseniorleadership)willbeavailableimmediatelyafterthe
disruption.Assumingpublictransportationsystemssuchasairlines,railroads,andsubways
willbeoperatingmayalsobeincorrect.
Theuniversityshouldnotassumethetelecommunicationssystemwillbeoperatingatnormal
capacity.TheBCPconsistsofmanycomponentsthatarebothinternalandexternaltothe
university.TheactivationofaBCPandrestorationofbusinessintheeventofanemergency
is dependent on thesuccessful interaction of variouscomponents. The overall strength
andeffectivenessofaBCPcanbedecreasedbyitsweakestcomponent.AneffectiveBCP
coordinatesacrossitsmanycomponents,identiespotentialprocessorsystemdependencies,
andmitigatestherisksfrominterdependencies.
Typically, theunit anduniversity business continuity coordinators or teams facilitate the
identication of risk and the development of risk mitigation strategies across businessareas. Internal causesof interdependencies can include line ofbusinessdependencies,
telecommunicationlinks,and/orsharedresources(i.e.,printoperationsore-mailsystems).
External sources of interdependencies that can negatively impact a BCP can include
telecommunication providers, service providers, customers, business partners, and
suppliers.
I. OTHER POLICIES, STANDARDS, AND PROCESSES
Action SummaryOther university policies, in addition to theBCP, should incorporatebusiness continuity
planningconsiderations.Theseinclude:
Systemdevelopmentlifecycles
Changecontrolpolicies
Datasynchronizationprocedures
Employeetrainingandcommunicationplans
Insurancepolicies
Government,media,andcommunityrelationspolicies
Security
10
-
8/3/2019 Business Continuity Planfor University
19/53
B u s i n e s s C o n t i n u i t y P l an A n n e x
InadditiontodocumentingBCPs,otherpolicies,standards,andpracticesshouldaddress
continuityandavailability considerations.These include systemdevelopment life cycles
(SDLC),changecontrol,anddatasynchronization.
1. Systems Development Life Cycle (SDLC) and Project Management
As part of the SDLC process, units should incorporate business continuity considerations into project plans. Evaluating business continuity needs during
theSDLCprocessallowsforadvancepreparationwhenaninstitutionisacquiring
ordevelopinganewsystem.Italsofacilitatesthedevelopmentofamorerobust
systemthatwillpermiteasiercontinuationofbusinessintheeventofadisruption.
During the development and acquisition ofnew systems, SDLC standards and
projectplansshouldaddress,ataminimum,issuessuchas:
Unitrequirementsforresumptionandrecoveryalternatives
Informationonbackupandstorage
Hardwareandsoftwarerequirementsatrecoverylocations
BCPanddocumentationmaintenance Disasterrecoverytesting
Stafngandfacilities
2. Change Control
Change management and control policies / procedures should appropriately
address and document the business continuity considerations. Change
management in computer systems should be included in the change control
process and implementation phase. Whenever a system change is made to
an application, operating system, or utility that resides in the production
environment,a methodology should exist to ensure all backup copies of those systems are updated to reect the new environment. In addition, if a new or
changed system is implemented and results in new hardware, capacity
requirements,orothertechnologychanges,managementshouldensuretheBCP
is updated and the recovery site can supportthe new production environment.
3. Data Synchronization
Datasynchronizationcanbecomeachallengewhendealingwithanactive/back-
up environment. The larger and more complex an institution is (i.e., shorter
acceptableoperational outage period,greater volume ofdata,greater distance
between primary and backup location), the more difcult synchronization can become.Ifbackupcopiesareproducedasofthecloseofabusinessdayanda
disruptionoccursrelativelylatethenextbusinessday,allthetransactionsthattook
placeafter the backupcopiesweremadewouldhave to be recreated, perhaps
manually,inordertosynchronizetherecoverysitewiththeprimarysite.
Managementandtestingof contingencyarrangementsarecritical toensure the
recoveryenvironment is synchronized with the primary work environment. This
testingincludesensuring software versionsarecurrent, interfacesexistandare
tested, and communication equipment is compatible. If the two locations,
underlying systems, and interdependent business units are not synchronized,
-
8/3/2019 Business Continuity Planfor University
20/53
thereisthelikelypossibilitythatrecoveryatthebackuplocationcouldencounter
signicant problems.Proper changecontrol, information backup, and adequate
testingcanhelpavoidthissituation.Inaddition,managementshouldensure the
backupfacilityhasadequatecapacitytoprocesstransactionsinatimelymanner
intheeventofadisruptionattheprimarylocation.
4. Employee Training and Communication Planning
Theuniversity will develop enterprise-wide training and exercises.However, all
units should provide business continuity training for personnel to ensure all
parties are aware of their responsibilities should a disaster occur. Key
employees should be involved in the business continuity development process
aswellasperiodictrainingexercises.Theuniversitywillincorporate enterprise-
widetrainingaswellasspecictrainingforindividualbusinessunits.Employees
shouldbeawareofwhichconditionscallforimplementingallorpartsoftheBCP,
whois responsibleforimplementingBCPs forbusinessunitsandtheinstitution,
andwhattodoifthesekeyemployeesarenotavailableatthetimeofadisaster. Cross-trainingshouldbeutilizedtoanticipaterestoringoperationsintheabsence
ofkeyemployees.Employeetrainingshouldberegularlyscheduledandupdated
toaddresschangestotheBCP.
Communication planning should identify alternate communication channels
toutilizeduringadisaster,suchaspagers,cellphones,e-mail,ortwo-wayradios.
Anemergencytelephonenumber,e-mailaddress,andphysicaladdresslistshould
beprovidedtoemployeestoassistincommunicationeffortsduringadisaster.The
list should provide all alternate numbers sinceone ormore telecommunications
systemscouldbeunavailable.Additionally,thephonelistshouldprovidenumbers
forvendors,emergencyservices,transportation,andregulatoryagencies.Wallet
cards, Internet postings, and calling trees are possible ways to distribute
information to employees. Further, units should establish reporting or calling
locationstoassisttheminaccountingforallpersonnelfollowingadisaster.
Unitsshouldconsiderdevelopinganawarenessprogramtoinformtheuniversity
community,serviceproviders,andoutsideagencieshowtocontacttheinstitution
if normal communication channels are not in operation. The plan should also
designatepersonnelwhowillcommunicatewiththemedia,government,vendors,
andothercompaniesandprovideforthetypeofinformationtobecommunicated.
5. Insurance (generally, states and state institutions are self-insurers)
Insuranceiscommonlyusedtorecouplossesfromrisksthatcannotbecompletely
prevented. Generally, insurance coverage is obtained for risks that cannot be
entirely controlled yetcould representa signicant potentialfor nancial loss or
otherdisastrousconsequences.Thedecisiontoobtaininsuranceshouldbebased
on the probability and degree of loss identied during the BIA. Units of the
universitymustdetermine potentialexposure for various types ofdisasters and
reviewtheinsuranceoptionsavailablethroughtheuniversitytoensureappropriate
insurancecoverageisprovided.
12
-
8/3/2019 Business Continuity Planfor University
21/53
B u s i n e s s C o n t i n u i t y P l an A n n e x
University leaders must know the limits and coverage of the university and
examinethe university insurance policies tomake sure coverage is appropriate
giventheriskproleoftheunit.Allunitsmustperformanannualinsurancereview
to ensure the level and types of coverage are commercially reasonable and
consistentwithanylegal,management,andboardrequirements.Also,unitsmust
create and retain a comprehensive hardware and software inventory list in a secureoff-sitelocationinordertofacilitatetheclaimsprocess.
Unitsshouldbeawareofthelimitationsofinsurance.Insurancecanreimbursefor
some or all of the nancial losses incurred as the result of a disaster or other
signicantevent.However,insuranceisbynomeansasubstituteforaneffective
BCP, as its primaryobjective isnot therecovery ofthe business. For example,
insurancecannotreimburseaunitfordamagetoitsreputation.
6. Government and Community
The university will coordinate with community and government ofcials and
the news media to ensure the successful implementation of the BCP. Ideally,
theserelationships will be established during the planning or testing phases of
business continuity planning. The university will develop the proper protocol in
case a city-wide or region-wide event impacts the institutions operations. The
university will contact state and local authorities during the risk assessment
process to inquire about specic risks or exposures for all their geographic
locations andspecialrequirements foraccessing emergencyzones.During the
recoveryphase,facilitiesaccess,power,andtelecommunicationssystemswould
be coordinated with various entities to ensure timely resumption of operations. Facilities access shouldbe coordinatedwith the policeand redepartmentand
depending on the nature and extentof thedisaster, possibly theTravis County
EmergencyOperationsCenter,theStateofTexasEmergencyOperationsCenter,
andtheFederalEmergencyManagementAgency(FEMA).
J. RISK MONITORING
Action Summary
Riskmonitoringisthenalstepinbusinesscontinuityplanning.Itshouldensurethatthe
unitsBCPisviablethrough:
TestingtheBCPatleastannually
SubjectingtheBCPtoindependentauditandreview
Updating the BCP based upon changes to personnel and the internal and
externalenvironments
RiskmonitoringensuresaBCPisviablethroughtesting,independentreview,andperiodic
updating.
-
8/3/2019 Business Continuity Planfor University
22/53
K. SUMMARY
Insummation,thefollowingsixfactorsarethecriticalaspectsofeffectivebusinesscontinuity
planning:
Businesscontinuityplanningshouldbeconductedonanenterprise-widebasis.
Athoroughbusinessimpactanalysisandriskassessmentarethefoundationof aneffectiveBCP.
Businesscontinuityplanningismorethantherecoveryofthetechnology;itis
therecoveryofthebusiness.
TheeffectivenessofaBCPcanonlybevalidatedthroughthoroughtesting.
TheBCPandtestresultsshouldbesubjectedtoindependentaudit.
ABCPshouldbeperiodicallyupdatedtoreectandrespondtochangesinthe
institution.
14
-
8/3/2019 Business Continuity Planfor University
23/53
APPENDICES
-
8/3/2019 Business Continuity Planfor University
24/53
-
8/3/2019 Business Continuity Planfor University
25/53
APPENDIX A: Glossary
Back-up Generations:Amethodologyforcreatingandstoringbackupleswherebythe
youngest(ormostrecentle)isreferredtoastheson,thepriorleiscalledthefather,
andtheletwogenerationsolderisthegrandfather.Thisbackupmethodologyisfrequently
usedtorefertomasterlesfornancialapplications.
Business Continuity:Anongoingprocesssupportedbyseniormanagementandfundedto
ensurethatthenecessarystepsaretakentoidentifytheimpactofpotentiallosses,maintain
viablerecoverystrategies,recoveryplans,andcontinuityofservices(NFPA1600).
Business Continuity Plan (BCP):A comprehensivewrittenplan tomaintainor resume
businessintheeventofadisruption.
Business Impact Analysis (BIA): The process of identifying the potential impact of
uncontrolled,non-speciceventsonaninstitutionsbusinessprocesses.
Business Resilience:Anenterprise-widestateofreadinessincludingpeople,processes,information,facilities,andthirdpartiesaswellastechnologytocopeeffectivelywithpotentially
disruptiveevents
Data Synchronization:Thecomparisonandreconciliationofinterdependentdatalesat
thesametimesothattheycontainthesameinformation.
Disaster/Emergency Management:Anongoingprocesstoprevent,mitigate,preparefor,
respond to,andrecover froman incident that threatens life, property, operations, or the
environment(NFPA1600).
Disaster Recovery Plan:Aplanthatdescribestheprocesstorecoverfrommajorprocessinginterruptions.
Emergency Management Program:Aprogramthatimplementsthemission,vision,and
strategicgoalsandobjectivesaswellasthemanagementframeworkoftheprogramand
organization(NFPA1600).
Emergency Plan:Thestepstobefollowedduringand immediatelyafteranemergency
suchasare,tornado,bombthreat,etc.
Encryption:Theconversionofinformationintoacodeorcipher.
FEMA:AcronymforFederalEmergencyManagementAgency.
Gap Analysis: A comparison that identies the difference between actual and desired
outcomes.
GETS:AcronymfortheGovernmentEmergencyTelecommunicationsServicecardprogram.
GETScardsprovideemergencyaccessandpriorityprocessingforvoicecommunications
servicesinemergencysituations.
-
8/3/2019 Business Continuity Planfor University
26/53
HVAC:Acronymforheating,ventilation,andairconditioning.
Impact Analysis [Business Impact Analysis (BIA)]:Amanagement levelanalysis that
identiestheimpactsoflosingtheentitysresources(NFPA1600).
Incident Command System:Astandardizedon-sceneemergencymanagementconcept
specicallydesignedtoallowitsuser(s)toadoptanintegratedorganizationalstructureequal
tothecomplexityanddemandsofsingleormultiple incidentswithout beinghinderedbyjurisdictionalboundaries(ICS-010-1).
Incident Management System (IMS):Thecombinationoffacilities,equipment,personnel,
procedures, and communications operating within a common organizational structure
designedtoaidinthemanagementofresourcesduringincidents(NFPA1600).
Media:Physicalobjectsthatstoredata,suchaspaper,harddiskdrives,tapes,andcompact
disks(CDs).
Mirroring:Aprocessthatduplicatesdatatoanotherlocationoveracomputernetworkinrealtimeorclosetorealtime.
Mitigation:Activitiestakentoreducetheseverityorconsequencesofanemergency(NFPA
1600).
Mutual Aid/Assistance Agreement:Aprearrangedagreementbetweentwoormoreentities
toshareresourcesinresponsetoanincident(NFPA1600).
Object Program: Aprogramthathasbeentranslatedintomachine-languageandisready
toberun(i.e.,executed)bythecomputer.
PBX:Acronymforprivatebranchexchange.
Preparedness:Activities,tasks,programs,andsystemsdevelopedandimplementedprior
toanemergencythatareusedtosupportthepreventionof,mitigationof,responseto,and
recoveryfromemergencies(NFPA1600).
Prevention:Activitiestoavoidanincidentortostopanemergencyfromoccurring(NFPA
1600).
Reciprocal Agreement: Anagreementwherebytwoorganizationswithsimilarcomputer
systemsagreetoprovidecomputerprocessingtimefortheotherintheeventoneofthe
systemsisrenderedinoperable.Processingtimemaybeprovidedonabesteffortoras
timeavailablebasis.
Recovery:Activitiesandprogramsdesignedtoreturnconditionstoalevelthatisacceptable
totheentity(NFPA1600).
Recovery Point Objectives:Theamountofdatathatcanbelostwithoutseverelyimpacting
therecoveryofoperations.
18
-
8/3/2019 Business Continuity Planfor University
27/53
Recovery Site:Analternatelocationforprocessinginformation(andpossiblyconducting
business) inanemergency.Usually distinguishedas hot sites that arefullycongured
centerswithcompatiblecomputerequipmentandcoldsitesthatareoperationalcomputer
centerswithoutthecomputerequipment.
Recovery Time Objectives:Theperiodoftimethataprocesscanbeinoperable.
Recovery Vendors:Organizationsthatproviderecoverysitesandsupportservices fora
fee.
Resource Management:Asystemforidentifyingavailableresourcestoenabletimelyand
unimpededaccesstoresourcesneededtoprevent,mitigate,preparefor, respond to,or
recoverfromanincident(NFPA1600).
Response: Immediateandongoing activities, tasks,programs,and systems tomanage
theeffectsofanincidentthatthreatenslife,property,operations,ortheenvironment(NFPA
1600).
Routing:Theprocessofmovinginformationfromitssourcetoadestination.
Select Agent:Thistermhasthemeaningassignedin18U.S.C.175b,asthatsectionmay
beamendedfromtimetotime.
Server:Acomputerorotherdevicethatmanagesanetworkservice.Anexampleisaprint
server,adevicethatmanagesnetworkprinting.
Situation Analysis:Theprocessofevaluatingtheseverityandconsequencesofanincident
andcommunicatingtheresults(NFPA1600).
Source Program:Aprogramwritteninaprogramminglanguage(suchasC,Pascal,or
COBOL).Acompilertranslatesthesourcecodeintoamachinelanguageobjectprogram.
Stakeholder:Any individual,group, ororganization thatmight affect,be affected by, or
perceiveitselftobeaffectedbytheemergency(NFPA1600).
System Development Life Cycle (SDLC):Awrittenstrategyorplanforthedevelopmentand
modicationofcomputersystems,includinginitialapprovals,developmentdocumentation,
testingplansandresults,andapprovalanddocumentationofsubsequentmodications.
T-1 line:Aspecialtypeoftelephonelinefordigitalcommunicationonly.
UPS:Acronymforuninterruptiblepowersupply.Typicallyacollectionofbatteriesthatprovide
electricalpowerforalimitedperiodoftime.
Utility Programs:Aprogramusedtocongureormaintainsystems,ortomakechangesto
storedortransmitteddata.
-
8/3/2019 Business Continuity Planfor University
28/53
UT Institution:TheUniversityofTexasSystemsnineacademicteachinginstitutionsand
sixhealthcenters.
UT System Administration:ThecentraladministrativeofcesthatleadandservetheUT
Institutions byundertakingcertaincentral responsibilities that result in greaterefciency
or higher quality than could be achieved by individual institutions or that fulll legal
requirements.
Vaulting:Aprocessthatperiodicallywritesbackupinformationoveracomputernetwork
directlytotherecoverysite.
20
-
8/3/2019 Business Continuity Planfor University
29/53
APPENDIX B: Internal and External Threats
WhileaBCPshouldbefocusedonrestoringtheuniversitysabilitytodobusiness,regardless
ofthenatureofthedisruption,differenttypesofdisruptionsmayrequireavarietyofresponses
inordertoresumebusiness.Manytypesofdisastersimpactnotonlytheuniversitybutalso
thesurroundingcommunity.Thehumanelementcanbeunpredictableinacrisissituation
and should not be overlooked when developing a BCP. Employees and their familiescouldbeaffectedas signicantlyas,ormoresignicantly than, theuniversity.Therefore,
universityleadershipmustconsidertheimpactsuchadisruptionwouldhaveonpersonnel
theinstitutionwouldrelyonduringsuchadisaster.Forexample,providingaccommodations
andservicestofamilymembersofemployeesorensuringthatalternateworkfacilitiesare
incloseproximitytoemployeeresidencesmaymakeiteasierforemployeestoimplement
theinstitutionsBCP.Also,cross-trainingofpersonnelandsuccessionplanningmaybejust
asessentialasbackupproceduresaddressingequipment,data,operatingsystems,and
applicationsoftware.
ThisAppendixdiscussesthreeprimarycategoriesofinternalandexternalthreats:malicious
activity,naturaldisasters,andtechnicaldisasters.
Malicious Activity
1. Fraud, Theft, Or Blackmail
Since fraud, theft, or blackmail may be perpetrated more easily by insiders,
implementationofemployeeawarenessprogramsandcomputersecuritypolicies
is essential. These threats can cause the loss, corruption, or unavailability
ofinformation,resultinginadisruptionofservicetocustomers.Restrictingaccess
to information that may be altered or misappropriated reduces exposure. The
institutionmay beheld liable for release of sensitiveorcondential information pertaining to its customers; therefore, appropriate procedures to safeguard
informationarewarranted.
2. Sabotage
Personnel should know how to handle intruders, bomb threats, and other
disturbances.Thelocationsof criticaloperationcentersshouldnotbepublicized
and the facilities should be inconspicuous. A disgruntled employee may try to
sabotage facilities, equipment, or les. Therefore, personnel policies should
require the immediate removal from the premise of any employee reasonably
considered a threat,and the immediaterevocation oftheircomputer and facility accessprivileges.
3. Terrorism
Theriskofterrorismisrealandadequatebusinesscontinuityplanningiscriticalfor
auniversity in theeventaterroristattackoccurs.Someformsof terrorism(e.g.,
chemical or biological contamination)may leave facilities intact but inaccessible
for extended periods of time. The earlier an attack is detected the better the
opportunity for successful treatment and recovery.Active monitoring of federal
-
8/3/2019 Business Continuity Planfor University
30/53
and stateemergencywarning systems,suchas local, stateandFEMA,and the
CenterforDiseaseControl(CDC)shouldbeconsidered.
Terrorism is not new, but themagnitude of disruptionand destruction continues
to increase. The loss of life, total destruction of facilities and equipment, and
emotionalandpsychologicaltrauma toemployeescanbedevastating.Collateral
damage can result in the loss of communications, power, and access to a
geographicareanotdirectlyaffected.Terroristattackscanrangefrombombings
of facilities to cyber-attacks on the communication, power, or nancial
infrastructures. The goal of cyber-terrorism is to disrupt the functioning of
information and communications systems. Unconventional attacks could also
include the use of chemical, biological, or nuclear material. Bioterrorists may
employbacterialorviralagentswitheffectsthataredelayed,makingprevention,
response,andrecoveryproblematic.Whiletheprobabilityofa full-scale nuclear
attackisremote,itisnecessarytoaddressthereadinesstodealwithattackson
nuclear power plants and industries using nuclear materials and for attacks
initiated by means of dirty nuclear devices, weapons combining traditional
explosiveswithradioactivematerials.
Natural Disasters
1. Fire
Arecanresultinlossoflife,equipment,anddata.Datacenterpersonnelmust
know what to do in the event of a re to minimize these risks. Instructions
and evacuation plans should be posted in prominent locations and should
include the designation of an outside meeting place so personnel can be
accounted for in an emergency and should include guidelines for securing or
removing media if time permits. Fire drills should be periodically conducted to ensure personnel understand their responsibilities. Fire alarm boxes and
emergencypowerswitchesshouldbeclearlyvisibleandunobstructed.Allprimary
and backup facilities should be equipped with heator smoke detectors.Ideally,
thesedetectorsshouldbelocatedintheceiling,inexhaustducts,andunderraised
ooring. Detectorssituated near air conditioning or intakeducts that hinder the
build-up of smoke may not trigger the alarm. The emergency power shutdown
shoulddeactivate theairconditioningsystem.Walls,doors,partitions,andoors
should be re-resistant. Also, the building and equipment should be grounded
correctlytoprotectagainstelectricalhazards.Lightningcancausebuildingres,
solightningrodsshouldbeinstalledasappropriate.Localreinspectionscanhelp
inpreparationandtraining.
Additionally, dry pipe sprinkler systems should be used, which activate upon
detection of a re and ll the pipe with water only when required, thereby
minimizing the riskofwaterdamage frombursted pipes.These systems should
be the staged type, where the action triggered by a re detector permits time
for operator intervention before it shuts down the power or releases re
suppressants. Personnel should know how to respond to these automatic
suppression systems as wellas the locationand operation of power and other
22
-
8/3/2019 Business Continuity Planfor University
31/53
shut-offvalves.Waterproofcoversshouldbelocatednearsensitiveequipmentin
theeventthatthesprinklersareactivated.Handextinguishersandoortilepullers
shouldbeplacedineasilyaccessibleandclearlymarkedlocations.Theextentof
re protection required depends on the degreeof risk an institution is willing to
acceptandlocalrecodesorregulations.
2. Floods and Other Water Damage
Facilities located in or near a ood plain expose units to increased risk. Units
should take the necessary actions to manage that level of exposure.As water
seeksthelowestlevel,criticalrecordsandequipmentshouldbelocatedonupper
oors,ifpossible,tomitigatethisrisk.Raisedooringorelevatingthewiringand
servers several inches off the oor can prevent or limit the amount of water
damage.Inaddition,institutionsshouldbeawarethatwaterdamagecouldoccur
fromothersources suchasbrokenwatermains,windows,or sprinklersystems.
If there is a oor abovethe computeror equipment room,the ceiling should be
sealedtopreventwaterdamage.Waterdetectorsshouldbeconsideredasaway
toprovidenoticationofaproblem.
3. Severe Weather
A disaster resulting from an earthquake, hurricane, tornado, or other severe
weathertypicallywouldhave itsprobabilityof occurrencedenedbygeographic
location.Giventherandomnatureof thesenaturaldisasters, institutions located
in an area that experiences any of these events should consider including
appropriatescenariosintheirbusiness continuity planning process. In instances
where early warning systems are available, management should provide
procedurestobeimplementedpriortothedisastertominimizelosses.
4. Air Contaminants
Some disasters produce a secondary problem by polluting the air for a wide
geographicarea.Naturaldisasterssuchasoodingcanalso result insignicant
moldor other contamination after the waterhas receded.The severity of these
contaminantscanimpactairqualityataninstitutionandevenresultinevacuation
for an extended period of time. Business continuity planning should consider
the possibility of air contamination and provide for evacuation plans and
theshutdownofHVACsystemstominimizetheriskscausedbythecontamination.
Additionally,considerationshouldbegiventothelengthoftimetheaffectedfacility
couldbeinoperableorinaccessible.
5. Hazardous Chemical Spill
Theuniversity is locatednearamajorinterstatehighway,UShighways,andrail
lines.TheriskofachemicalspillisrealandmustbefactoredintoallBCPs.Aleak
orspillcanresultinaircontamination,asdescribedabove,andchemicalresas
wellasotherhealthrisks.Institutionsshouldmakereasonableeffortstodetermine
thetypesof chemicalsbeingproducedor transportednearby,obtain information
abouttheriskseachmaypose,andtakestepstomitigatesuchrisks.
-
8/3/2019 Business Continuity Planfor University
32/53
Technical Disasters
1. Communications Failure
Thedistributedprocessingenvironmenthasresulted inan increasedrelianceon
telecommunications networks for both voice and data communications
to customers, third parties, and backup sites. Units lacking diversity in their
telecommunicationsinfrastructuresmaybesusceptibletosinglepointsoffailurein theeventadisasteraffectsoneormoreofthesecriticalsystems.
Theuniversitywillmaketheefforttoidentifyanddocumentpotentialsinglepoints
of failure within their internal and external communications systems. If
arrangements are made with multiple telecommunications providers for diverse
routing to achieve redundant systems in an attempt to mitigate this risk,
management should, to the extent possible, identify common points of failure
withinthesesystems.Onetechniqueistoperformanend-to-endtraceofallcritical
orsensitivecircuitstosearchforsinglepointsoffailuresuchasacommonswitch,
router,PBX,ortelephonecentralofce.
In addition to restoring data communication lines with afliates and vendors,
restorationof communicationswithemployeeswill be critical toanyBCP.Asan
alternative to voice landlines, institutions should consider cell phones, two-way
radios, text-based pagers, corporate and public e-mail systems, and Internet-
basedinstantmessaging.Anotheralternativewouldbe to register andestablish
astandbyWorldWideWebhomepagethatisactivatedduringadisasterandis
used to communicate information and individual requirements. Satellite phones
mayalsobeusefulforcommunicatingwithkeypersonnel.
2. Power Failure
The loss of power can occur for a variety of reasons, including storms, res,
maliciousacts,brownouts,andblackouts.Apowerfailurecouldresultintheloss
of computer systems, lighting, heating and cooling systems, and security and
protection systems.Additionally, power surges can occur as power is restored,
and without proper planning, can cause damage to equipment.As a means to
control this risk,voltage entering the computer room should bemonitoredby a
recordingvoltmeterandregulatedtopreventpoweructuations.
Intheeventofpowerfailure,institutionsshoulduseanalternativepowersource,
suchasuninterruptiblepowersupplies(UPS),orgasoline,kerosene,naturalgas,
or diesel generators. A UPS is essentially a collection of standby batteries that provide power for a short period of time. When selecting a UPS, an
institutionshouldmakesure that ithassufcientcapacity toprovideampletime
to shut down the system in an orderly fashion to ensure no data is lost or
corrupted.SomeUPSequipmentcaninitiatetheautomatedshutdownofsystems
withouthumanintervention.Ifprocessingtimeismorecritical,anorganizationmay
arrange foragenerator,whichwill provide power to atleastthemission critical
equipment during extended power outages. Management should maintain an
ample supply of fuel on hand and have arrangements for replenishment. One
24
-
8/3/2019 Business Continuity Planfor University
33/53
potential advantage of natural gas is that it is supplied by pipeline, avoiding
the need to truck it in and maintain it on site. It is important to note that if a
disruptionis signicantenough,itmay result in the inability toobtain additional
fuel.Further,fuelpumpsanddeliverysystemsmaynotbeoperable.
It is also important to ensure alternative power supplies receive periodic
maintenanceandtestingtomaintainoperability.Theuniversitywillcoordinatewith
local authorities on ordinances pertaining to the location of generators and the
storageanddeliveryoffuelifsuchsystemsaredeterminedtobeneeded.
3. Equipment and Software Failure
Equipmentandsoftwarefailuresmayresultinextendedprocessingdelaysand/or
implementationofBCPs for variousbusinessunits dependingon the severity of
the failure. The performance of preventive maintenance enhances system
reliabilityandshouldbeextendedtoallsupportingequipmentsuchastemperature
andhumiditycontrolsystemsandalarmordetectingdevices.
4. Transportation System Disruptions
Unitsshouldnotassumeregionalornationaltransportationsystemswillcontinue
to operate normally during a disruption. Air trafc and/or trains may be halted
bynaturalortechnicaldisasters,maliciousactivity,workstoppages,oraccidents.
Thiscanadverselyimpactcashieroperationsandotherbusinessoperations.Units
shouldinvestigatetheoptionofusingprivateentitiestomitigatedisruptions.
-
8/3/2019 Business Continuity Planfor University
34/53
-
8/3/2019 Business Continuity Planfor University
35/53
-
8/3/2019 Business Continuity Planfor University
36/53
plan.Forexample,amodemusedforbackupmaynotprovidethelevelofservicerequired,
oralinemaysatisfactorilytransmitvoice,butbeinsufcientinqualityandspeedfordata
transmission.Thecostsofvariousbackupalternativesshouldbeweighedagainstthelevel
ofriskprotectionprovidedbythealternatives.Thisassessmentalsoshouldaddresscosts
associatedwithtesting,sinceallcomponentsofaplanshouldbetestedperiodically,including
thecommunicationsmedia.
TheBCPshouldaddressthepracticalityofeachcomponent.Selectedalternativesshould
beabletoaccommodatetheanticipatedvolumesorcapacitiesatthenecessaryspeedsto
meet theestablishedpriorities.Forexample,severaldial-uplinesmaynotbeapractical
replacementforaT-1line.Also,thebackupplanshouldrecognizeavailabilityandleadtimes
requiredtoemploycertaincomponents,suchasinstallingadditionallinesormodemsand
multiplexers/concentratorsatarecoverysite.
Theuniversitywillplayakeyroleinthemaintenanceofnancialsystems.Unitsshouldbe
awareofcertaingovernmentprogramsandofcesthatwork tocoordinateandexpedite
therestorationorprocurementof telecommunicationservicesduringanemergency.The
OfceofPriorityTelecommunications (OPT)undertheNationalCommunicationsSystem
(NCS)administerstheTelecommunicationsServicePrioritySystem(TSP)whichensures
priority treatment of the nations most important telecommunication services supporting
nationalsecurityandemergencypreparednessmissions.ThismeansthatTSPdesignated
circuitswillbethersttoberepairedinanemergency.Allnon-federalusersrequestingTSP
provisioningorrestorationarerequiredfederalregulatorforinformationontheTSPprogram
andwhethertheyqualifyforaTSPdesignation.
TheuniversitymayqualifyforsponsorshipintheGovernmentEmergencyTelecommunications
Service(GETS)card program.Thisprogram isalso administeredbyNCSandprovides
emergencyaccessandpriorityprocessingforvoicecommunicationsservicesinemergency
situations. Units that perform national security or emergency preparedness functions
essentialtothemaintenanceofthenationseconomicpostureduringanynationalorregional
emergencywillqualifyforprogramsponsorship.
TheunitBCPshouldconsiderthesecurityofalternativecomponentstoensuredataintegrity.
Switchingfromberopticstowirepairs,dedicatedtoswitched,ordigitaltoanalogmaymakethelinemoresusceptibletoawiretaportolinenoise,whichcanresultinerrors.Using
dial-uplinescouldfacilitateaccessbythepublic.Additionally,wherewarranted,alternate
equipmentselectedshouldbechecked todetermineif itpermitsencryption.Therelative
importanceoftheapplicationsprocessedandtheextenttowhichaninstitutiondependson
itstelecommunicationssystemwill determine thedegreeofbackuprequired.Leadership
shouldmakeacarefulappraisalofitsbackuptelecommunicationsrequirements,decideon
aneffectiveplan,detailtheprocedures,andtestitseffectivenessperiodically.
28
-
8/3/2019 Business Continuity Planfor University
37/53
APPENDIX D: Third-party Providers, Key Suppliers, andBusiness Partners
Reliance on third-party providers, key suppliers, or business partners may expose the
universitytopointsoffailurethatmaypreventresumptionofoperationsinatimelymanner.
The risks in outsourcing information, transaction processing, and settlement activities
include threatsto thesecurity,availability,andintegrityof systemsandresources, tothecondentialityofinformation,andtoregulatorycompliance.Inaddition,whenathirdparty
performsservicesonbehalfoftheinstitution,increasedlevelsofcredit,liquidity,transaction,
andreputationriskcanresult.Institutionsshouldreviewandunderstandserviceproviders
BCPsandensurecriticalservicescanberestoredwithinacceptabletimeframesbasedupon
theneedsoftheinstitution.Thecontractshouldaddresstheserviceprovidersresponsibility
formaintenanceandtestingresultsandreviewauditstodeterminetheadequacyofplans
andtheeffectivenessofthetestingprocess.
Ifpossible,theuniversitymayconsiderparticipatingintheirserviceproviderstestingprocess.
Contractsshould include detailed business recovery timeframes thatmeet thebusinesscontinuityplanning needsof the institution.The universitysbusinesscontinuityplanning
processwill includedeveloping call lists necessary forcontactingkey individualsat the
serviceprovidersprimaryandrecoverylocations.TheunitsBCPshouldalsoaddresshow
itwillbeexchanginginformationwithitsserviceprovidersshouldtheinstitutionbeoperating
from an alternative location, e.g., transmission via a branch facility that has redundant
telecommunicationslinkswiththeserviceprovider.
Contracts
Theuniversitycontractswith third-partyserviceprovidersandothervendorsfordisaster
recoveryassistance.Thesearrangementscanbecost-effectivesincethecostofmaintaining
adedicatedrecoverysitecanbesubstantial.Whencontractingwiththird-partyprovidersfor
recoveryservices,institutionsshouldconsider:
Stafng: What kinds of technical support personnel is the service provider obligatedtomakeavailableonsitetoassistinstitutionemployeesingettingthe
recoverysiteoperating?
ProcessingTimeAvailability:Assumingotherclientsarealsousingthesame
recovery site, how much processing time is the institution entitled to on a
particularcomputersystem?Istheinstitutionguaranteedasufcientamountof
processingtimetohandlethevolumeofworkthatwillneedtobedoneatthe
site?
Access Rights: Since mostbackup sitescan be used by numerous clients, does the institution have a guaranteed right to use the site in case of an
emergency?Alternatively, does the service provider accept clients on a rst-
come,rst-servebasisuntiltherecoverysiteisatfullcapacity?
-
8/3/2019 Business Continuity Planfor University
38/53
HardwareandSoftware:Istherecoverysiteequippedwiththeprecisecomputer
hardwareandsoftwarethattheinstitutionneedstocontinueoperations?Willthe
institutionbenotiedofchangesintheequipmentattherecoverysite?
SecurityControls:Doestherecoverysitehavesufcientphysicalandlogical securitytoadequatelyprotecttheinstitutionsinformationassets?
Testing: Does the contractwith the service provider permit the institution to
perform at least one full-scale test of the recovery site annually? Does the
service provider perform tests of its own BCP and submit test reports to
theunit?
Condentiality of Data: In the event other businesses are also using the
recovery site,what stepswill the service provider take to ensure the security
andcondentialityofinstitutiondata?Hastheserviceproviderenteredintoan
appropriatecontractwiththecustomerthataddressestherequirementsofthe
Interagency Guidelines Establishing Standards for Safeguarding Customer Information?
Telecommunications: Has the service provider taken appropriate steps to ensuretherecoverysitewillhaveadequatetelecommunicationsservices(both
voiceanddata)forthenumberofpersonnelthatwillbeworkingatthatsiteand
thevolumeofdatatransmissionsthatareanticipated?
ReciprocalAgreements:Intheeventtheunitsrecoverysiteisanotheruniversity
with whom there is a reciprocal agreement, does the other institution have
sufcient excess computer capacity? Are the hardware and software at the recoverysitecompatiblewiththeaffectedinstitutionssystems?Willtheunitbe
notiedofchangesinequipmentattherecoverysite?
Space: Does the recovery sitehaveadequate spaceand related services to
accommodate the affected institutions staff and enable them to conduct
business? This may also include consideration of the space at the service
provider or in the local community to provide food, toilets, medical supplies,
familycare,counseling,news,housing,anddiversionstopersonnel.
PaperFilesandForms:Doestherecoverysitemaintainasufcientinventory ofpaper-basedlesandformsthatarenecessarytotheconductoftheaffected
institutionsbusiness?
PrintingCapacity/Capability:Doestherecoverysitemaintainadequateprinting
capacitytomeetthedemandoftheaffectedinstitution?
Contacts:Whointheunitisauthorizedtoinitiateuseofthebackupsite?Who doestheunitcontactatthebackupsite?
30
-
8/3/2019 Business Continuity Planfor University
39/53
APPENDIX E: Technology Components
ThetechnologycomponentsthatshouldbeaddressedinaneffectiveBCPinclude:
Hardwaremainframe,network,end-user Softwareapplications,operatingsystems,utilities Communications(networkandtelecommunications)
Datalesandvitalrecords Operationsprocessingequipment Ofceequipment
Comprehensiveinventorieswillassistwiththebusinessresumptionandrecoveryeffortsandensureallcomponentsareconsideredduringplandevelopment.Planningshouldincludeidentifyingcriticalbusinessunitdatathatmayonlyresideonindividualworkstations,whichmayormaynotadheretoproperbackupschedules.Additionally,theplanshouldaddressvitalrecords,necessarybackupmethods,andappropriatebackupschedulesfortheserecords.Unitsshouldexercisecautionwhenidentifyingnon-criticalassets.Aunitstelephonebanking,Internetbanking,creditauthorization,orATMsystemsmaynotseemmissioncriticalwhen
systemsareoperatingnormally.However,thesesystemsmayplayacriticalroleintheBCPandbeaprimarydeliverychanneltoservicecustomersduringadisruption.Similarly,aunitselectronicmailsystemmaynotappeartobemissioncritical,butmaybetheonlysystemavailableforemployeeorexternalcommunicationintheeventofadisruption.
1. Data Center Recovery Alternatives
Theuniversitywillmakeformalarrangements foralternate processing capability in the event their data processing site becomes inoperable or inaccessible. The type of recovery alternative selected will vary depending on the criticality of the processes being recovered and the recovery time objectives. Recovery plan alternatives may take several forms and involve the use of another data
centeror installation, such asa third-party service provider.A legal contract or agreementshouldevidencerecoveryarrangementswithathird-partyvendor.The followingareacceptablealternativesfordatacenterrecovery.However,institutions willbeexpectedtodescribetheirreasonsforchoosingaparticularalternativeand whyitisadequatebasedontheirsizeandcomplexity.
Hot Site (traditional active/backupmodel): A hot site is fully congured with compatible computer equipment and typically can be operational within several hours. The university may rely on the services of a third party to provide backup facilities. The traditional active/backup model requires relocating, at a minimum, core employees to the alternative site. This model alsorequiresbackupmediatobetransferredoff-siteonatleastadailybasis. Largeunitsthatoperatecriticalreal-timeprocessingoperationsorcriticalhigh- volume processing activities should considermirroring or vaulting. If a unit is relying on a third party to provide the hot site, there remains a risk that the capacityattheserviceprovidermaynotbeabletosupporttheiroperationsin the event of a regional or large-scale event. Smaller ofces may contract for a mobile hot site, i.e., a trailer outtted with the necessary computer hardwarethatistowedtoapredeterminedlocationintheeventofadisruption
andconnectedtoapowersource.
-
8/3/2019 Business Continuity Planfor University
40/53
Duplicate Facilities/Split Operations (active/active model): Under this scenario, two or more separate, active sites provide inherent backup to one
another. Each site has the capacity to absorb some or all of the work of the
other site for an extended period of time. This strategy can provide almost
immediateresumptioncapacitydependingonthesystemsusedtosupportthe
operations and the operating capacity at each site. The maintenance of
excess capacity at each site and added operating complexity can have
signicant costs. Even using the active/active model, current technological
limitationsprecludewidegeographicdiversityofdatacentersthatusereal-time,
synchronous data mirroring backup technologies.However, other alternatives
beyond synchronousmirroringmay be available to allow for greater distance
separation.
Cold Site: Cold sites are locations that are part of a longer-term recovery
strategy. A cold site provides a backup location without equipment, but with
power, air conditioning, heat, electrical, network and telephone wiring, and
raised ooring. An example of a situation when a cold site can be a viable
alternativeiswhentheunithasrecoveredatanotherlocation,suchasahotsite, but needsa longer term locationwhile their data center is being rebuilt.Cold
sitestypicallycantakeuptoseveralweekstoactivate.Institutionsmayrelyon
theservicesofathirdpartytoprovidecoldsitefacilitiesormayhousesucha
facilityatanotherlocation,suchasabranchorotheroperationscenter.
TertiaryLocation:Someunitshaveidentiedtheneedtohaveathirdlocationor
a backup to the backup. These tertiary locations provide an extra level of
protection in theeventneither theprimary locationnorthesecondary location
isavailable.Moreover,atertiarylocationbecomestheprimarybackuplocation
in the event the institution has declared a disaster and is operating out of
contingencyorsecondarysite.
The universitymay enter into agreements, commonly referred to as Reciprocal
Agreements, with other institutions to provide equipment backup. This
arrangement is usually made on a best-effort basis, whereby institution A
promises to back up institution B as long as institution A has time available
and vice versa. In the vast majority of cases, reciprocal agreements are
unacceptablebecausetheinstitutionagreeing toprovidebackuphasinsufcient
excess capacity to enable the affected institution to process its transactions
inatimelymanner.Ifaninstitutionchoosestoenterintoa reciprocalagreement
and can establish thatsuch an arrangementwill provide an acceptable level of backup,theagenciesexpectsuchanagreementtobeinwritingandtoobligate
unitAtomakeavailablesufcientprocessingcapacityandtime.Theagreement
should also specify that each unit will be notied of equipment and software
changesattheotherunits.
2. Backup Recovery Facilities
The recovery site should be tested at least annually and when equipment or
applicationsoftwareischangedtoensurecontinuedcompatibility.Additionally,the
32
-
8/3/2019 Business Continuity Planfor University
41/53
recovery facility should exhibit a greater level of security protection than the
primary operations site since the people and systems controlling access to the
recovery site will not be as familiar with the relocated personnel using it. This
securityshouldincludephysicalandlogicalaccesscontrolstothesiteaswellas
the computer systems. Further, the BCP and recovery procedures should be
maintainedatthealternativeandoff-sitestoragelocations.
Regardlessofwhichrecoverystrategyisutilized,therecoveryplanshouldaddress how any backlogof activity and/orlost transactionswill be recovered.The plan
shouldidentifyhowtransactionrecordswillbebroughtcurrentfromthetimeofthe
disasterandtheexpectedrecoverytimeframes.
Alternativeworkspacecapacityisjustasimportantasalternativedataprocessing
capabilities.Managementshouldarrangeforworkspacefacilities andequipment
foremployeestoconductongoingbusinessfunctions.
3. Geographic Diversity
When determining the physical location of an alternate processing site, management should consider geographic diversity. Units should consider the
geographic scope ofdisruptions and theimplications of a citywide disruption or
even a regional disruption.The distancebetweenprimary andbackup locations
shouldconsiderrecoverytimeobjectivesandbusinessunitrequirements.Locating
abackupsite toocloseto theprimarysitemaynotinsulate itsufciently froma
regionaldisaster.Alternatively,locatingthebackupsitetoofarawaymaymakeit
difcult to relocate the staff necessary to operate the site. If relocationof staff
is necessary to resumebusiness operationsat thealternate site, consideration
should be given to their willingness to travel due to the events, the modes of
transportation available, and if applicable, lodging and living expenses for
employees that relocate. When evaluating the locationsof alternate processing
sites, it is also important to subject the secondary sites to a threat scenario
analysis.
4. Backup and Storage Strategies
Institutionmanagementshould basedecisionson softwareanddata le backup
and on the criticality of the software and data les to the nancial institutions
operations. In establishing backup priorities, management should consider all
types of information and the potential impact from loss of such les. This
includes nancial, regulatory, and administrative information, and operating,
application, and security software. In assigning backup priority, management shouldperformariskassessmentthataddresseswhether:
Thelossoftheseleswouldsignicantlyimpairtheunitsoperations
The les are being used to manage university assets or to make decisions
regardingtheiruse
The les contain updated security and operating system congurations that
wouldbenecessarytoresumeoperationsinasecuremanner
The loss of the les would result in lost revenue, critical information, or vital
research
-
8/3/2019 Business Continuity Planfor University
42/53
Anyinaccuracyordatalosswouldresultinsignicantimpactontheinstitution
(includingreputation)oritscustomers
Thefrequencyoflebackupalsodependsonthecriticalityoftheapplicationand
data. Critical data should be backed up using the multiple generation (i.e.,
grandfather-father-son,etc.)method androtated to an off-site location at least
daily.Online/real-timeorhigh-volumesystemsmaynecessitatemoreaggressive
backupmethodssuchasmirroringorelectronicvaultingataseparateprocessing
facility toensure appropriate backup ofoperations,as analternative to backup
tapestorage.
Backuptapestorageremainsaviablesolutionformanyunits.However,whenan
unitsprimarybackupmediaistapestorage,backuptapesshouldbesenttothe
off-sitestorageassoonaspossibleandshouldnotresideattheiroriginallocation
overnight.Backupmedia,especiallytapes,shouldbeperiodicallytestedtoensure
theyarestillreadable.Tapesrepeatedlyusedorsubjectedtoextremevariationsin
temperature or humidity may become unreadable, in whole or part, over time.
Remote journaling is the process of recording transaction logsor journals at a remote location. These logs and journals are used to recover transaction and
database changes since the most recent backup. Backup of operating system
software and application programs must be performed whenever they are
modied,updated,orchanged.
5. Data File Backup
One of the most critical components of the backup process involves the
universitysdatales,regardlessoftheplatformonwhichthedataislocated.Units
mustbeabletogenerateacurrentmasterlethatreectstransactionsuptothe
pointin time ofthe disruption.Data les shouldbe backed up both on siteand
off-site to provide recovery capability. Retention of current data les, or older
masterlesandthetransactionlesnecessarytobringthemcurrent,isimportant
sothatprocessingcancontinueintheeventofadisasterorotherdisruption.The
creationand rotation of core processing data lebackupshould occur at least
daily,more frequently if the volumeof processing or online transaction activity
warrants.Lesscriticaldatalesmaynotneedtooff-siteinatimelymannerandnot
bereturneduntilnewbackuplesareoff-site.
6. Software Backup
Software backup for all hardware platforms consists of three basic areas:
operatingsystemsoftware,applicationsoftware,andutilitysoftware.Allsoftware and related documentation should have adequate off-premises storage. Even
when using a standard software package from one vendor, the software can
varyfromonelocationtoanother.Differencesmayincludeparametersettingsand
modications, security proles, reporting options, account information, or other
optionschosenbytheinstitutionduringorsubsequenttosystemimplementation.
Therefore,comprehensivebackupofallcriticalsoftwareisessential.Theoperating
system software should be backed up with at least two copies of the current
34
-
8/3/2019 Business Continuity Planfor University
43/53
version. One copy should be stored in the tape and disk library for immediate
availability in theeventtheoriginal is impaired;theothercopyshouldbestored
inasecure,off-premises location.Duplicatecopiesshouldbe testedperiodically
andrecreatedwheneverthere is a change to the operatingsystem.Application
software,which includes both source (if the institution has it in its possession)
andobjectversionsofallapplicationprograms,shouldbemaintainedinthesame
mannerastheoperatingsystemsoftware.Backupcopiesoftheprogramsshould
beupdatedasprogramchangesaremade.
Giventheincreasedrelianceonthedistributedprocessingenvironment,the
importanceofadequatebackupresourcesandproceduresforlocalareanetworks
andwideareanetworksisimportant.Managementshouldensurethatall
appropriateprogramsandinformationarebackedup.Dependingonthesizeof
theunitandthenatureofanticipatedrisksandexposures,thetimespentbacking
updataisminimalcomparedwiththetimeandeffortnecessaryforrestoration.
Filesthatcanbebackedupwithinashortperiodoftimemayrequiredays,weeks,
ormonthstorecreatefromhardcopyrecords,assuminghardcopyrecordsare
available.Comprehensiveandclearproceduresarenecessarytorecovercritical networksandsystems.Proceduresshould,ataminimum,include:
Frequencyofupdateandretentioncyclesforbackupsoftwareanddata
Periodicreviewofsoftwareandhardwareforcompatibilitywithbackupresources
Periodic testing of backup procedures for effectiveness in restoring normal
operations
Guidelinesforthelabeling,listing,transportation,andstorageofmedia
Maintenanceofdatalelistings,theircontents,andlocations
Hardware,software,andnetworkcongurationdocumentation
Controlstominimizetherisksinvolvedinthetransferofbackupdata,whether
byelectroniclinkorthroughthephysicaltransportationofdiskettesandtapesto
andfromthestoragesite
Controlstoensuredataintegrity,clientcondentiality,andthephysicalsecurity
ofhardcopyoutput,media,andhardware
7. Off-site Storage
The off-site storage location should be environmentally controlled and secure
withproceduresforrestrictingphysicalaccesstoauthorizedpersonnel.Moreover,
the off-site premises should be an adequate distance from the computer
operationslocationsothatbothlocationswillnotbeimpactedbythesameevent.
BeyondacopyoftheBCP,duplicatecopiesofallnecessaryproceduresincluding
endofday,endofmonth,endofquarterandprocedurescoveringrelativelyrare anduniqueissuesshouldbestoredattheoff-sitelocations.Anotheralternativeto
considerwould beto place the critical informationon a secure shared network
drive with the data backed up during regularly scheduled network backup.
However,thisshareddriveshouldbeinadifferentphysicallocationthatwouldnot
beaffectedbythesamedisruption.
Managementneedstomaintainacertainlevelofnon-networked(e.g.,hardcopy)
materialin the eventthatthe network environmentis not available for aperiod
-
8/3/2019 Business Continuity Planfor University
44/53
of time.Reservesupplies,suchas forms,manuals,letterhead,etc.,shouldalso
bemaintained in appropriate quantities at an off-site location andmanagement
shouldmaintainacurrentinventoryofwhatisheldinthereservesupply.
36
-
8/3/2019 Business Continuity Planfor University
45/53
APPENDIX F: BCP & Personnel Components
BasedontheBIA,theBCPshouldassignresponsibilitiestomanagement,specicpersonnel,
teams,andserviceproviders.Theplanshouldidentifyintegralpersonnelthatareneededfor
successfulimplementationoftheplananddevelopcontingenciestobeimplementedshould
thoseemployeesnotbeavailable.Additionally, vendorsupportshouldbe identied.The
BCPshouldaddress:
Howwilldecisionmakingsuccessionbedeterminedintheeventofthelossof
managementpersonnel?
Who will be responsible for leading the various BCP Teams (e.g., Crisis/
Emergency, Recovery, Technology, Communications, Facilities, Human
Resources,BusinessUnitsandProcesses,CustomerService)?
Who will be the primary contact with critical vendors, suppliers, and service
providers?
Whowillberesponsibleforsecurity(informationandphysical)?
Planning should also consider personnel resources necessary for decisionmakingand
stafngatalternatefacilitiesundervariousscenarios.Keypersonnelshouldbeidentiedtomakedecisionsregardingeffortstoprovideforrenovatingorrebuildingtheprimaryfacility.
This could requirepersonnel beyondwhat isnecessary forongoing business continuity
efforts.
Finally,thebusinesscontinuityplanningcoordinatorand/orplanningcommitteeshouldbe
givenresponsibilityforregularlyupdating theBCPonat leastanannualbasisandafter
signicantchangestotheoperationsandenvironment.
-
8/3/2019 Business Continuity Planfor University
46/53
-
8/3/2019 Business Continuity Planfor University
47/53
APPENDIX G: Facilities
TheBCP shouldaddresssite relocation forshort-,medium- and long-termdisaster and
disruption scenarios.Continuity planning for recovery facilities should consider location,
size, capacity (computerand telecommunications),andrequired amenitiesnecessary to
recoverthelevelofservicerequiredbythecriticalbusinessfunctions.Thisincludesplanning
forworkspace, telephones,workstations,networkconnectivity,etc.Whendeterminingan
alternateprocessingsite,managementshouldconsiderscalabilityintheeventalong-term
disaster becomes a reality.Additionally, during the recovery period, theBCP should be
reassessedtodetermineiftertiaryplansarewarranted.Procedurestoutilizeattherecovery
locationshouldbedeveloped.Inaddition,anyles,inputwork,orspecicforms,etc.,needed
atthebackupsiteshouldbespeciedinthewrittenplan.Theplanshouldincludelogistical
proceduresformovingpersonneltotherecoverylocationinadditiontostepstoobtainthe
materials(media,documentation,supplies,etc.)fromtheoff-sitestoragelocation.Plansfor
lodging,meals,andfamilyconsiderationsmaybenecessary.
-
8/3/2019 Business Continuity Planfor University
48/53
-
8/3/2019 Business Continuity Planfor University
49/53
APPENDIX H: Communication
Communication is a critical aspect of a BCP and should include communication with
emergency personnel, employees, directors, regulators, vendors/suppliers (detailed
contactinformation),customers(noticationprocedures),andthemedia(designatedmedia
spokesperson).Alternatecommunicationchannelsshouldbeconsideredsuchascellular
telephones,pagers,satellitetelephones,andInternet-basedcommunicationssuchase-mail
orinstantmessaging.
-
8/3/2019 Business Continuity Planfor University
50/53
-
8/3/2019 Business Continuity Planfor University
51/53
APPENDIX I: Other Considerations
Eachunitisdifferentandprocesseswillvary.However,managementshouldconsiderhow
toaccomplishthefollowing:
Prevention,mitigation,andpreparedness
Reconcilingrecoverytimeswithbusinessunitrequirements
Disasterdeclarationandplanimplementationprocesses Recoveryprogressreporting
Trainingofpersonnelandtestingoftheplans
-
8/3/2019 Business Continuity Planfor University
52/53
-
8/3/2019 Business Continuity Planfor University
53/53