Business Continuity Plan
Short Description
Download Business Continuity Plan...
Description
BUSINSS !"N#INUI#$ P%&N 'UI(%INS &N( #)P%&#S
If you need assistance in filling out any an y of this plan Please contact Randy Jones at ext. 23868.
Int*oduction #he Uni+e*sity of #exas )edical B*anch and its e,ployees ha+e faced ,any ,an y disaste*s f*o, the /00 Sto*,1 the #exas !ity (isaste* of / to hu**icanes !a*la in /61 /6 1 &licia in /831 and lastly hu**icane hu**icane I4e in 2008. In o*de* to ,aintain ou* status as one of the leading health ca*e institutions in the nation1 5e ,ust continue to e p*epa*ed fo* these and othe* potential disaste*s. #he onset of ho,eland te**o*is, in the United States1 S tates1 coupled 5ith the 'ulf !oast7s +ulne*aility fo* natu*al disaste*s ,a4e it essential fo* U#)B to ensu*e that plans a*e in place1 tested t*ue1 and +iale1 should 5e find ou*sel+es in a th*eatening situation - e it ,an,ade o* natu*al. #he*efo*e1 in *esponse to these challenges and in align,ent 5ith the 9o,eland Secu*ity &ct1 the #exas State Inf*ast*uctu*e P*otection !o,,ittee1 and State of #exas (epa*t,ent of Info*,ation Resou*ces :(IR;1 Info*,ation Se*+ices at U#)B has een as4ed to de+elop a ,odel Business !ontinuity Plan to assist you in de+eloping and testing t esting 5o*4 plans fo* you* o5n a*eas. Ulti,ately1 you* plans should e st*uctu*ed to ,a4e it possile to continue to do usiness and function du*ing and afte* 5hate+e* c*isis ,ay a*ise. IS 5ill also identify *esou*ces and coo*dinate the p*ocess p *ocess fo* de+eloping1 testing and e+aluating these plans. !*itical functional a*eas ha+e een identified to pa*ticipate in this p*ocess and 5ill continue to e add*essed on an ongoing asis. #his yea*7s plan c*eation and testing 5ill include In+ision1 Signatu*e1 and P I!. (e+eloping a Business !ontinuity Plan is a ,ultidi,ensional p*ocess and includes a nu,e* of phases as p*esc*ied y the (IR. #hese phases include< P*o=ect Initiation1 Business I,pact &nalysis1 Reco+e*y St*ategies1 Plan (e+elop,ent1 #esting1 and )aintenance > #*aining - all of o f 5hich 5ill e add*essed at U#)B. It is i,pe*ati+e that each of ou* leade*s lead e*s suppo*t and coope*ate in the de+elop,ent de+ elop,ent of the plans that 5ill 4eep U#)B ope*ating th*ough the ,ost difficult of ti,es.
If you need assistance in filling out any an y of this plan Please contact Randy Jones at ext. 23868.
Int*oduction #he Uni+e*sity of #exas )edical B*anch and its e,ployees ha+e faced ,any ,an y disaste*s f*o, the /00 Sto*,1 the #exas !ity (isaste* of / to hu**icanes !a*la in /61 /6 1 &licia in /831 and lastly hu**icane hu**icane I4e in 2008. In o*de* to ,aintain ou* status as one of the leading health ca*e institutions in the nation1 5e ,ust continue to e p*epa*ed fo* these and othe* potential disaste*s. #he onset of ho,eland te**o*is, in the United States1 S tates1 coupled 5ith the 'ulf !oast7s +ulne*aility fo* natu*al disaste*s ,a4e it essential fo* U#)B to ensu*e that plans a*e in place1 tested t*ue1 and +iale1 should 5e find ou*sel+es in a th*eatening situation - e it ,an,ade o* natu*al. #he*efo*e1 in *esponse to these challenges and in align,ent 5ith the 9o,eland Secu*ity &ct1 the #exas State Inf*ast*uctu*e P*otection !o,,ittee1 and State of #exas (epa*t,ent of Info*,ation Resou*ces :(IR;1 Info*,ation Se*+ices at U#)B has een as4ed to de+elop a ,odel Business !ontinuity Plan to assist you in de+eloping and testing t esting 5o*4 plans fo* you* o5n a*eas. Ulti,ately1 you* plans should e st*uctu*ed to ,a4e it possile to continue to do usiness and function du*ing and afte* 5hate+e* c*isis ,ay a*ise. IS 5ill also identify *esou*ces and coo*dinate the p*ocess p *ocess fo* de+eloping1 testing and e+aluating these plans. !*itical functional a*eas ha+e een identified to pa*ticipate in this p*ocess and 5ill continue to e add*essed on an ongoing asis. #his yea*7s plan c*eation and testing 5ill include In+ision1 Signatu*e1 and P I!. (e+eloping a Business !ontinuity Plan is a ,ultidi,ensional p*ocess and includes a nu,e* of phases as p*esc*ied y the (IR. #hese phases include< P*o=ect Initiation1 Business I,pact &nalysis1 Reco+e*y St*ategies1 Plan (e+elop,ent1 #esting1 and )aintenance > #*aining - all of o f 5hich 5ill e add*essed at U#)B. It is i,pe*ati+e that each of ou* leade*s lead e*s suppo*t and coope*ate in the de+elop,ent de+ elop,ent of the plans that 5ill 4eep U#)B ope*ating th*ough the ,ost difficult of ti,es.
If you need assistance in filling out any an y of this plan Please contact Randy Jones at ext. 23868.
Executive Summary &n xecuti+e Su,,a*y of the Business !ontinuity Plan 5ill need to e const*ucted. co nst*ucted. #his 5ill e a *ief *ief o+e*+ie5 of you* plan7s *eco+e*y st*ategy. #his should e done afte* you ha+e co,pleted section fou* :; of this te,plate. **** Examples from other Plans
If you need assistance in filling out any an y of this plan Please contact Randy Jones at ext. 23868.
#ale of !ontents .
Organizational Information of Plan . xecuti+e Sponso* .2 #ea, %eade* .3 B!P P*o=ect #ea, .3. Select and Notify B!P P*o=ect #ea, #e,plate .3.2 )ission !*itical &cti+ities . Plan &pp*o+al .? P*o=ect Plan
2.
Objectives and Deliverables 2.. P*o=ect "=ecti+es and (eli+e*ales
3.
Business Impact Analysis and is! Analysis 3.. Business I,pact &nalysis 3.2.2 n+i*on,ental (isaste*s 3.2.3 "*gani@ed and A o* (elie*ate (is*uption 3.2. %oss of Utilities and Se*+ices 3.2.? uip,ent o* Syste, Cailu*e 3.2.6 Se*ious Info*,ation Secu*ity Incidents 3.2. "the* ,e*gency Situations
.
Business Interruption ecovery Plans . Bac4up1 Reco+e*y and Resu,ption St*ategy .. Bac4up1 Reco+e*y and Resu,ption St*ategy #e,plate .2 Cacilities > ssential uip,ent Bac4up and Reco+e*y St*ategy .2. Cacilities > ssential uip,ent Bac4up and Reco+e*y St*ategy #e,plate .3 (epa*t,ental and Uni+e*sity I# Syste,s Bac4up and Reco+e*y St*ategy .3. (epa*t,ental and Uni+e*sity I# Syste,s Bac4up and Reco+e*y
If you need assistance in filling out any of this plan Please contact Randy Jones at ext. 23868.
St*ategy #e,plate . St*ategies fo* P*otecting Nonlect*onic !*itical andAo* Sensiti+e (ocu,ents andAo* Reco*ds .? Dey Staff .?. Dey Staff #e,plate .6 ,e*gency !ontact . !*itical Supplies .. !*itical Supplies #e,plate .8 !*itical Eendo*ASupplie* Info*,ation .8. !*itical Eendo*ASupplie* Info*,ation #e,plate
?.
Plan Education"#raining ?. #*aining Needs &ssess,ent ?.. #*aining &ssess,ent #e,plate ?.2 #*aining !o,pleted
6.
Plan #esting
.
Plan $aintenance . #est !hanges fo* B!P
8.
Post Incident evie%
/.
&lossary
0
Examples
If you need assistance in filling out any of this plan Please contact Randy Jones at ext. 23868.
. xecuti+e Sponso* #he xecuti+e Sponso* is the (epa*t,ental Rep*esentati+e o* '*oup that has the *esponsiility to ,a4e su*e that this c*itical function is deli+e*ed to the u ni+e*sity. #he*efo*e it is the *esponsiility of the xecuti+e Sponso* to ,a4e su*e that a Business !ontinuity Plan is de+eloped1 ,aintained1 and tested. #he xecuti+e Sponso* is *esponsile fo* the follo5ing< I,ple,enting the tea,1 (e+eloping a Business !ontinuity Policy State,ent1 Re+ie5ing Ris4 &nalysis1 &pp*o+ing o+e*all plan content1 Re+ie5ing all testing outco,esF and1 Re+ie5ing any changes and ,aintenance to the plan. • • • • • •
eturn to #able of 'ontents
.2 #ea, %eade*
Co* a p*o=ect of this significance and co,plexity to e successful1 a suitaly ualified #ea, %eade* 5ill need to e appointed. #he #ea, %eade* should possess good leade*ship ualities1 a good unde*standing of usiness p*ocesses and usiness ,anage,ent and st*ong p*o=ect ,anage,ent s4ills. &n alte*nate #ea, %eade* should also e appointed 5ho 5ould e ale to ta4e o+e* the functions of the #ea, %eade* if needed. It 5ill e the *esponsiility of the #ea, %eade* to ,a4e su*e the tea, is p*og*essing in acco*dance 5ith the P*o=ect Plan guidelines1 gi+e *egula* status *epo*ts to the Business !ontinuity Plan :B!P; Sponso*1 and otain app*o+al f*o, the Sponso* as needed.
eturn to #able of 'ontents
2
.3 B!P P*o=ect #ea, #he Business !ontinuity Plan :B!P; P*o=ect #ea, ,e,e*s should e selectedF pe*,ission otained fo* thei* in+ol+e,ent :if necessa*y;F and fo*,ally notified. ach of the ,ain usiness and ope*ational a*eas 5ithin the o*gani@ation should e *ep*esented on the B!P P*o=ect #ea,. Rep*esentati+es f*o, each of the 4ey usiness a*eas should ha+e a co,p*ehensi+e unde*standing of ho5 thei* o5n usiness a*ea functions1 in addition to an o+e*all unde*standing of the o*gani@ation as a 5hole. ach a*ea *ep*esentati+e should e ale to *ing to the B!P P*o=ect #ea, info*,ation on ho5 his o* he* o5n a*ea functions1 its 4ey usiness acti+ities o* suppo*t functions1 and its 4ey *is4 a*eas.
eturn to #able of 'ontents
3
.3. Select and Notify B!P P*o=ect #ea, ach of the usiness and ope*ational a*eas 5ithin the o*gani@ation a*e to e *ep*esented on the B!P P*o=ect #ea,. #he P*o=ect #ea, has o+e*all *esponsiility fo* the de+elop,ent and ,aintenance of the Plan. )e,e*s of the B!P P*o=ect #ea, a*e cu**ently as follo5s< B'P PO(E'# E)E'*#I+E SPO,SO
(OB #I#-E A,D DEPA#$E,#"DI+ISIO,
'O,#A'# I,.O$A#IO, /-ocation0 P1one0 Email0 Pager0 'ell P1one2 E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0 Pager0 'ell P1one2
&ny indi+idual *esponsiilities 5ithin P*o=ect #ea,<
B'P PO(E'# #EA$ -EADE
(OB #I#-E A,D DEPA#$E,#"DI+ISIO,
'O,#A'# I,.O$A#IO, /-ocation0 P1one0 Email0 Pager0 'ell P1one2 E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0 Pager0 'ell P1one2
&ny indi+idual *esponsiilities 5ithin P*o=ect #ea, :i.e. Business Cunction o* P*ocess;<
B'P PO(E'# A-#E,A#E #EA$ -EADE
(OB #I#-E A,D DEPA#$E,#"DI+ISIO,
'O,#A'# I,.O$A#IO, /-ocation0 P1one0 Email0 Pager0 'ell P1one2 E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0 Pager0 'ell P1one2
&ny indi+idual *esponsiilities 5ithin P*o=ect #ea, :i.e. Business Cunction o* p*ocess;<
B'P PO(E'# #EA$ $E$BE
(OB #I#-E A,D DEPA#$E,#"DI+ISIO,
'O,#A'# I,.O$A#IO, /-ocation0 P1one0 Email0 Pager0 'ell P1one2 E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0 Pager0 'ell P1one2
&ny indi+idual *esponsiilities 5ithin P*o=ect #ea,<
B'P PO(E'# #EA$ $E$BE
(OB #I#-E A,D DEPA#$E,#"DI+ISIO,
'O,#A'# I,.O$A#IO, /-ocation0 P1one0 Email0 Pager0 'ell P1one2 E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0 Pager0 'ell P1one2
&ny indi+idual *esponsiilities 5ithin P*o=ect #ea,<
&dd *o5s as needed
eturn to #able of 'ontents
?
.3.2 )ission !*itical &cti+ities #he follo5ing is a desc*ipti+e list of the o*gani@ation7s ,ission c*itical acti+ities andAo* c*itical usiness p*ocesses1 togethe* 5ith a *ief desc*iption of the usiness p*ocess and ,ain dependencies. 5E3 B*SI,ESS AEA
BIE. DES'IP#IO, O. B*SI,ESS PO'ESS
eturn to #able of 'ontents
6
$AI, DEPE,DE,'IES
. Plan of &pp*o+al P*ocedu*e fo* &pp*o+ing Business !ontinuity Plan :B!P; !ontent #he*e ,ust e a clea* p*ocedu*e fo* adoption and app*o+al of the B!P. Updates and changes to the plan should also e included in this p*ocess.
#he tea, should select f*o, the follo5ing possile app*o+al ph ases. • • • •
&ppoint,ent of B!P #ea, )e,e*s "+e*all Plan !ontent #esting Plan "utco,es !hangesA)aintenance to Plan
eturn to #able of 'ontents
&pp*o+ing Business !ontinuity Plan :B!P !ontent; B'P 'ontent
Sent Date
Approved Date
eturn to #able of 'ontents
8
'omments
.? P*o=ect Plan #as! ,ame
Duration
Patient 'are Delivery Process Phases Begin - P*o=ect InitiationARis4 &nalysis Business Inte**uption Reco+e*y PlansASt*ategies &pp*o+al - xecuti+e Sponso* #*aining > !o,,unication Ealidation > #esting Plan Updates > )aintenance Gua*te*ly Re+ie5A#estingAPlan )odifications
2 54s 8 54s 54s 2 54s 2 54s 54s
eturn to #able of 'ontents
/
Start
.inis1
6 'omplete
2. "=ecti+es and (eli+e*ales #he o=ecti+es fo* the p*o=ect need to e clea*ly defined1 togethe* 5ith the deli+e*ales. !oncise definition 5ill enale the B!P P*o=ect #ea, to focus its effo*ts on the ,ost i,po*tant issues and to ensu*e the 5o*4 unde*ta4en is *ele+ant in the context of the o*iginal p*o=ect expectations. #he depa*t,ental B!P sponso* 5ould no*,ally app*o+e these o=ecti+es and deli+e*ales.
Suggested Ho*ding fo* a Suitale "=ecti+e #he p*o=ects p*inciple o=ecti+e could e stated as< "The development and testing of a well structured and coherent plan which will enable the department / or function to recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts normal business operations." #he depa*t,ent A o* function could additionally ha+e a se*ies of suo=ecti+es 5hich could co+e* issues such as speciali@ed *esea*ch and de+elop,ent acti+ities1 the need to ensu*e that all e,ployees fully unde*stand thei* duties in i,ple,enting such a plan1 the need to ensu*e that info*,ation secu*ity policies a*e adhe*ed to 5ithin all planned acti+ities o* the need to ensu*e that the p*oposed contingency a**ange,ents a*e cost effecti+e.
Suggested Ho*ding fo* a Suitale %ist of (eli+e*ales #he deli+e*ales1 in outline1 should consist of< •
•
Business Ris4 and I,pact &nalysis (ocu,ented acti+ities necessa*y to p*epa*e the depa*t,ent A o* function fo* possile e,e*gencies :including st*ategic *eco+e*y ,easu*es;
•
(etailed acti+ities fo* dealing 5ith the (isaste* Reco+e*y Phase
•
P*ocedu*e fo* ,anaging the Business Reco+e*y P*ocess
•
Plan fo* testing the Business Reco+e*y P*ocess
•
Plan fo* t*aining the staff in the Business Reco+e*y P*ocess
•
P*ocedu*e fo* 4eeping the Plan updated
*** Examples from other Plans
eturn to #able of 'ontents
0
2.. P*o=ect "=ecti+es and (eli+e*ales
#o enale the B!P P*o=ect #ea, to focus effo*ts on the 4ey issues1 and to ensu*e the 5o*4 unde*ta4en is *ele+ant to the *eui*e,ents of the p*o=ect1 the p*o=ects o=ecti+es and deli+e*ales ,ust e clea*ly defined. #he (epa*t,ent A xecuti+e Sponso* is *esponsile fo* app*o+al of o=ecti+es and deli+e*ales. OB(E'#I+ES O. B'P PO(E'#7 )ain o=ecti+e of B!P P*o=ect<
Suo=ecti+es of the B!P P*o=ect<
DE-I+EAB-ES O. B'P PO(E'#7
eturn to #able of 'ontents
3. Business I,pact &nalysis #he pu*pose of the Institutional Business I,pact &nalysis :BI&; is to assist executi+e leade*ship in dete*,ining the pe*cei+ed c*iticality of disc*ete U#)B usiness unit entities. Ideally the BI& should facilitate the high le+el identification of< !o,,unity i,pacts "pe*ational i,pacts Cinancial i,pacts Regulato*y i,pacts &cc*editation i,pacts P*ocess inte*dependencies (ata sensiti+ity (o5nti,e tole*ance Reco+e*y co,plexity #echnology dependencies • • • • • • • • • •
Cu*the*1 the agg*egated *esults of the Institutional BI& 5ill ulti,ately define p*o=ect scope fo* a suseuent1 ,o*e *igo*ous e+aluation of associated se*+ices and 5o*4 p*oduct. 9ence1 please co,plete all uestions and p*o+ide as ,uch info*,ation as possile to ensu*e 4ey data ele,ents a*e not ,issed.
NOTE !ee footnote below for eamples of the term department
. (epa*t,ent #as per $%! four digit Org &'( 2. (epa*t,ent &lign,ent : as per Eecutive )evel %eporting !tructure;< # ( 'epartment within *usiness +nit #i.e,. $O- is a department within !upport !ervices a business unit within *usiness -dministration( # ( *usiness +nit within Entity #i.e., !upport !ervices is a *usiness +nit within *usiness -dministration an entity( 3. (esc*iption of (epa*t,ent< #0hat are your department1s primary functions and processes2 0hat services does the department provide the +niversity2(
2
. P*ocess "utput< #0hat primary services, work products or information created/provided is made available by your department2 )ist 3 of the most important.
?. P*ocess Input< #0hat primary services/resources does your department rely on to perform its activities2 i.e., &nformation Technology/software, Technology/software, special equipment information, information, etc. )ist up to five.(
6. #he loss of these se*+icesA*esou*ces 5ould ha+e the follo5ing cu,ulati+e effect on entity function and p*ocesses< : ; Significant ha*, o* effect #i.e., entity/department could supply some services/resources to the university but in such a diminished capacity capacity that services would be be unacceptable( : ; )ode*ate ha*, o* effect #i.e., entity/department could supply services/resources in a diminished but acceptable capacity to the university( : ; )ini,al ha*, o* effect #i.e., entity/department could supply services/resources to the university in a 4somewhat normal5 capacity by altering processes or procedures( : ; No ha*, o* effect #i.e., entity/department could to supply services/resour services/resources ces in a normal manner to the university(
3
. #he loss of you* you* depa*t,ent 5ould 5ould affect the follo5ing follo5ing *eadth of of ha*,< :chec4 all that apply; : ;
Potential endange*,ent to pulic health o* safety #i.e., the state, community, or any subset subset of population population served. This would include patient, student, and staff staff health or safety( safety( : ; &d+e*sely i,pact usiness1 o* o*gani@ation1 state agency1 office1 co,,ission1 oa*d1 uni+e*sity1 institution1 cente*1 p*og*a,1 o* othe* entity exte*nal to U#)B #i.e., would adversely impact outside entities eternal to +T* i.e., partnerships with other universities, research that supports other businesses, etc( : ; &d+e*sely i,pact U#)B only #i.e., would only impact +T*1s service level or integrity/reputation( : ; No ha*, o* effect :i.e.1 entityAdepa*t,ent could supply se*+icesA*esou*ces in a no*,al ,anne* to the uni+e*sity; 8. #he loss of you* depa*t,ent depa*t,ent 5ould ha+e the follo5ing follo5ing effect on U#)B ,issions :select :select one;< : ;
: ;
)ino* effect on one di+ision o* usiness unit #the loss of your department would be an inconvenience to one department or business unit of the university.( )ino* effect on the institution1 so,e di+isions1 o* usiness units #the loss of your department would be an inconvenience to several divisions or business units of the university(
: ;
)ode*ate effect on so,e di+isions o* usiness units #the loss of your department would cause some divisions to change procedures and the way their business functions are supplied to the university(
: ;
)ode*ate effect on the institution #the loss of your department would cause the university to alter the way they supply normal delivery processes( !atast*ophic effect on one di+ision o* usiness unit #the loss of your your department would cause seriously affect affect one division/business division/business unit1s unit1s the inability to provide normal services to the university( !atast*ophic effect on the institution1 so,e di+isions1 o* usiness units #the loss of your department would significantly impact normal services provided by the university.(
: ;
: ;
/. !ould this function e pe*fo*,ed pe*fo*,ed fo* a pe*iod of ti,e at a *educed ope*ating efficiency #i.e., degraded performance such as manual versus automated process( If yes1 fo* ho5 long # ( )ess than 67 hours # ( +p +p to 8 to 3 days # ( 9reater than 3 days # ( 9reater than 6 weeks &dditional co,,ents
0. 9o5 long could you* depa*t,ent e completely idle /i8e80 totally lost2 efo*e it expe*iences o* c*eates a significant ad+e*se i,pact #i.e., 4totally lost5 cannot perform its functions in any capacity for any reason( # # # #
( )ess than 67 hours ( +p +p to 8 to 3 days ( 9reater than 3 days ( 9reater than 6 weeks
&dditional co,,ents
. 9o5 long can the depa*t,ent continue to function 5ithout 5ithout its usual auto,ated info*,ation syste,s eithe* depa*t,ental o* cent*ali@ed U#)B syste,s :&ssu,e that loss of these syste,s occu*s du*ing the busiest0 or pea!0 %or! period82 %ess than 2 hou*s #Operation of the 'epartment has an etreme reliance on information system and requires immediate disaster recovery plans, which have been tested, for the replacement/access to either internal or centrally supported systems. / 2 Up to 3 to ? days #The department has a significant significant dependence on information systems. systems. - ma:or interruption of service delivery would occur if information systems were unavailable for 8 to 3 days. / 2 Up to 2 5ee4s #The 'epartment has a minimal reliance on information systems and, could function in a manual mode for up to two weeks at an acceptable service level.( / 2 )o*e than 2 5ee4s #The 'epartment process/procedures are not dependent upon information systems and can be accomplished in a manual mode for an etended period of time until systems become available with no impact to service delivery.(
/ 2
?
2. In the e+ent of a significant outage o* dis*uption1 5hen is the se+e*ity of i,pact ,o*e significant #i.e., if an outage occurs, are some months worse than others2 some days2 some hours2( !hec4 all that apply / 2 some months versus others / 2 some days of the week versus others / 2 certain times of the day / 2 certain times of the year #particular week of the month, month/quarter end, fiscal year end, etc.( / 2 no particular timing of an event is significantly greater than another
3. C*o, the list of exposu*es elo51 please indicate the *elati+e i,po*tance of each type to the institution using the *ating scale of 0 to 01 fo* the specific depa*t,ent. &lso using the scale of 0 to 1 indicate the se+e*ity of each i,pact and ho5 it 5ould escalate o+e* ti,e if the depa*t,ent 5as not ale to function. Exposure type
elative Importance Scale 9:;9 0 K no i,po*tance ? K ,ode*ate i,po*tance 0K ext*e,e i,po*tance
Impact Severity Scale 9= 1ours
-oss of revenue"cas1 flo% #'oes your department create revenue/cash flow to the university2(
-ost discounts #0ould the loss of your department create lost discounts2(
-ost interest earned #&f your department earns revenue/cash flow, would the loss of it also create lost interest earned2(
'ontractual fines"penalty #'oes your department perform contract work2 0ould there be fines or penalties, associated with not being able to fulfill these contracts2(
.ailure to deliver services"%or! product #0ould the loss of your department result in failure to deliver services/work product to anyon e2(
6
*p to ? to @ days
&reater t1an @ days
&reater t1an > %ee!s
Exposure type
elative Importance Scale 9:;9 0 K no i,po*tance ? K ,ode*ate i,po*tance 0K ext*e,e i,po*tance
Impact Severity Scale 9= 1ours
-oss of customers"reduced mar!et s1are"lost opportunity #0ould the loss of your department result in the loss of customers ;i.e. patients, students, research, etc< or the loss of market share or lost opportunity2(
Interest incurred #0ould the loss of your department result in some type of interest being incurred2(
Additional costs to recover #0ould the loss of your department require additional cost from acquisition of outside services, temporary employees, emergency purchases, rental/lease fees, wages paid to idle staff, relocation ep enses, capital outlays, etc2(
-iability"potential litigation #0ould the loss of your department/function result in liability or potential litigation2(
egulatory or non: compliance violations # 0ould the loss of your department violate regulatory practices resulting in the division/university being non= compliant2(
Accreditation jeopardy or violations #0ould the loss of your department :eopardi>e any institutiona l accreditation or violate terms of that accreditation2(
*p to ? to @ days
&reater t1an @ days
&reater t1an > %ee!s
. "pe*ational I,pacts :those i,pacts that a*e difficult to uantify ,oneta*ily ut can ha+e a significant1 longte*, effect on the institution - use sa,e scale as uestion 3;< Exposure type
elative Importance Scale 9:;9 0 K no i,po*tance ? K ,ode*ate i,po*tance 0K ext*e,e i,po*tance
Impact Severity Scale 9= 1ours
*p to ? to @ days
&reater t1an @ days
&reater t1an > %ee!s
!o,petiti+e &d+antage !onsu,e* !onfidence Repo*ting Reui*e,ents ,ployee )o*ale !usto,e* Se*+ice Staff Retention Eendo* Relations Ho*4 Bac4log
?. #he loss of you* depa*t,ent 5ould *esult in lost revenue"cas1 flo% f*o, fees1 collections1 inte*est1 penalties1 gifts1 g*ants1 etc. andAo* di,inish the depa*t,ent7s cost a+oidance capacity :i.e.1 fines1 penalties1 litigation1 etc.; (u*ing the indicated ti,e after t1e disaster1 the loss 5ould e< #ime .rame )ess than 67 hours
?@3AAB
@3AAB=@C
L)L?)
+p to 8 to 3 days
?@3AAB
@3AAB=@C
L)L?)
9reater than 3 days '*eate* than 2 5ee4s
?@3AAB
@3AAB=@C
L)L?)
L?00D
@3AAB=@C
L)L?)
6. #otal annual *e+enue fo* you* depa*t,ent< # # # # # # # #
( None ( ?@CAAB ( @CAAB=@3AAB ( @3AAB=@C ( @C=@3 ( @3=@CA ( @CA=@63 ( D@63
8
L?) L0) L?) L0) L?) L0) L?) L0)
ML0) ML0) ML0) ML0)
. #otal annual udgeta*y funding fo* you* depa*t,ent< # # # # # # #
( ?@CAAB ( @CAAB=@3AAB ( @3AAB=@C ( @C=@3 ( @3=@CA ( @CA=@63 ( D@63
8. Based upon you* expe*iences and 4no5ledge of you* en+i*on,ent1 select the state,ent that est *eflects the vulnerability of you* depa*t,ent to a p*olonged dis*uption o* outage. #ulnerability can be related to availability of its technology infrastructure, speciali>ed or unique equipment, or any other limiting factor.(
: ;
Not +ulne*ale #No known factors that would cause a prolonged outage.( So,e5hat +ulne*ale #There are some factors present that may cause a prolonged outage. Eperience indicates a low likelihood of occurrence.( Eulne*ale #There are factors present that may cause a prolonged outage. Eperience indicates a medium likelihood of occurrence.( xt*e,ely +ulne*ale #There are multiple factors present that may cause a prolonged outage. Eperience indicates a high likelihood of occurrence.(
: ;
: ;
: ;
/. #he *esto*ation co,plexity of a depa*t,ent is the *elati+e ,easu*e of ho5 difficult it 5ould e to *eco+e* the depa*t,ent to an acceptale le+el of se*+ice follo5ing a significant dis*uption. :!o,plexity can e *elated to a+ailaility of its technology inf*ast*uctu*e1 speciali@ed o* uniue euip,ent1 o* any othe* li,iting facto*.; Please *ate the co,plexity of you* depa*t,ent using the follo5ing definitions. : ;
:
:
:
20.
asily *eco+e*ale #-ssumes an alternate location and required information and/or data from off= premise storage.( ; So,e5hat *eco+e*ale #!ome information or elements may be difficult to replace in a reasonable timeframe.( ; (ifficult to *eco+e* #any of the elements of your department may be difficult to replace in a reasonable timeframe.( ; xt*e,ely difficult to *eco+e* #There are elements that would be etremely difficult to replicate or the timeframe is etremely long.( (oes you* depa*t,ent c*eate1 p*ocess1 ,anage1 o* sto*e identifiale *eco*ds on pe*sons *elati+e to confidentiality o* p*i+acy :chec4 all that apply; : ;
Info*,ation *elating to che,ical o* iological agents
/
: ; : ; : ;
: ; : ;
P*otected patient data #i.e., F&G-- implications( P*otected student data #i.e., $E%G- implications( Pe*sonal I( #i.e., social security numbers, employee numbers, drivers license numbers, credit card numbers, etc.( "the* pe*sonal data #i.e., physical addresses, phone numbers, pager numbers, email addresses, etc.( None
2. (oes you* depa*t,ent c*eate1 p*ocess1 ,anage1 o* sto*e info*,ation that 5ould e of co,,e*cial +alue to pa*ties exte*nal to U#)B :chec4 all that apply; : ; : ; : ;
Sensiti+e info*,ation #i.e. proprietary and/or research data, employee data, etc.( !onfidential Info*,ation #i.e. patient data, student data, social security numbers, etc.( "pe*ational Info*,ation #i.e., vendor list, contact information, business strategic plans, etc.(
22. %ist and *iefly desc*ie additional depa*t,ental facto*s1 issues o* conce*ns not add*essed in this su*+ey 5hich should e conside*ed 5hen e+aluating the i,pact of the loss of this usiness unit depa*t,ent. &lso1 please list additional ite,s you 5ould conside* i,po*tant fo* the de+elop,ent of *eco+e*y st*ategies and plans fo* you* depa*t,ent.
(epa*t,ent Point of !ontact< OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO (ate< OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
#han4 you fo* you* ti,e and effo*t in co,pleting this su*+ey.
20
3.2. Ris4 &nalysis #he B!P P*o=ect #ea, 5ill exa,ine each potential en+i*on,ental disaste* o* e,e*gency situation including1 ut not li,ited to1 o*gani@ed dis*uption :i.e. hu,an cause;F loss of utilities and se*+ices dis*uptionF euip,ent o* syste, failu*eF se*ious info*,ation secu*ity incidentsF and any othe* dis*uption caused y othe* e,e*gency situations not al*eady co+e*ed. ach of the ao+e potential th*eats1 as 5ell as any othe*s that ,ight e uniue to the indi+idual depa*t,ent o* function1 ,ust e exa,ined in detail and an analysis de+eloped to e+aluate the conseuences of each. ach scena*io should also e assessed fo* possiility o* occu**ence :p*oaility *ating;1 possile i,pact :i,pact *ating; and any co,pensating cont*ols that a*e in place. !o,pensating !ont*ols a*e inte*nal cont*ols that co,pensate fo* *is4. S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
.ormula for calculating potential ris!7
P*oaility Rating x I,pact Rating K Ris4 Scale of Ris4 %o5 Ris4
3 )ode*ate Ris4
2? 9igh Ris4
eturn to #able of 'ontents
2
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
3.2.2 n+i*on,ental (isaste*s
#he B!P P*o=ect #ea, has exa,ined each potential en+i*on,ental disaste* o* e,e*gency situation. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential en+i*on,ental disaste*s ha+e een assessed as follo5s< PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
9u**icane #o*nado Clood lect*ical Sto*,s Ci*e C*ee@ing !onditions
22
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
!onta,ination and n+i*on,ental 9a@a*ds pide,ic #+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent. eturn to #able of 'ontents
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
!onta,ination and n+i*on,ental 9a@a*ds pide,ic #+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent. eturn to #able of 'ontents
23
3.2.3 "*gani@ed and A o* (elie*ate (is*uption #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, Qo*gani@ed dis*uption. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s *esulting f*o, o*gani@ed dis*uption ha+e een assessed as follo5s< PO#E,#IA- DISAS#E
&cts of #e**o*is, &cts of Saotage &ct of Ha* #heft
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
3.2.3 "*gani@ed and A o* (elie*ate (is*uption #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, Qo*gani@ed dis*uption. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s *esulting f*o, o*gani@ed dis*uption ha+e een assessed as follo5s< PO#E,#IA- DISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O.
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
'O$PE,SA#I,& 'O,#O-S
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
&cts of #e**o*is, &cts of Saotage &ct of Ha* #heft
2
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
&*son
#+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
&*son
#+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
2?
3.2. %oss of Utilities and Se*+ices #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, loss of utilities and se*+ices. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s as a *esult of loss of utilities and se*+ices ha+e een assessed as follo5s<
PO#E,#IADISAS#E
lect*ical Po5e* %oss of 'as Supply %oss of Hate* Supply Pet*oleu, and "il
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
3.2. %oss of Utilities and Se*+ices #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, loss of utilities and se*+ices. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s as a *esult of loss of utilities and se*+ices ha+e een assessed as follo5s<
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
lect*ical Po5e* %oss of 'as Supply %oss of Hate* Supply Pet*oleu, and "il Sho*tage !o,,unications Se*+ices B*ea4do5n
26
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
%oss of (*ainageAHaste Re,o+al
#+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
%oss of (*ainageAHaste Re,o+al
#+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
2
3.2.? uip,ent o* Syste, Cailu*e #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, euip,ent o* syste, failu*e. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s as a *esult of euip,ent o* syste, failu*e ha+e een assessed as follo5s<
PO#E,#IADISAS#E
Inte*nal Po5e* Cailu*e &i* !onditioning Cailu*e
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
3.2.? uip,ent o* Syste, Cailu*e #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, euip,ent o* syste, failu*e. #he focus in this section1 is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s as a *esult of euip,ent o* syste, failu*e ha+e een assessed as follo5s<
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
Inte*nal Po5e* Cailu*e &i* !onditioning Cailu*e
28
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
uip,ent Cailu*e :excluding I# ha*d5a*e;
#+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
uip,ent Cailu*e :excluding I# ha*d5a*e;
#+se cut and paste facility to add further entries(
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent. eturn to #able of 'ontents
2/
3.2.6 Se*ious Info*,ation Secu*ity Incidents #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, se*ious info*,ation secu*ity incidents. #he focus in this section is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s as a *esult of se*ious Info*,ation Secu*ity incidents ha+e een assessed as follo5s< PO#E,#IADISAS#E
!ye* !*i,e %oss of Reco*ds o* (ata (isclosu*e of Sensiti+e Info*,ation
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
I$PA'# A#I,&
A#I,&
IS5
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
3.2.6 Se*ious Info*,ation Secu*ity Incidents #he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, se*ious info*,ation secu*ity incidents. #he focus in this section is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. Potential disaste*s as a *esult of se*ious Info*,ation Secu*ity incidents ha+e een assessed as follo5s< PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
I$PA'# A#I,&
A#I,&
IS5
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
!ye* !*i,e %oss of Reco*ds o* (ata (isclosu*e of Sensiti+e Info*,ation
30
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
I# Syste, Cailu*e
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
I# Syste, Cailu*e
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (E&S#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
3
3.2. "the* ,e*gency Situations #he B!P P*o=ect #ea, has exa,ined each potential disaste* *esulting f*o, othe* e,e*gency situations. #he focus in this section is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. "the* potential e,e*gency situations ha+e een assessed as follo5s< PO#E,#IADISAS#E
Ho*4place Eiolence Neigho*hood 9a@a*ds Island &ccessile
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
3.2. "the* ,e*gency Situations #he B!P P*o=ect #ea, has exa,ined each potential disaste* *esulting f*o, othe* e,e*gency situations. #he focus in this section is on the le+el of usiness dis*uption1 5hich could a*ise f*o, each type of disaste*. "the* potential e,e*gency situations ha+e een assessed as follo5s< PO#E,#IADISAS#E
POBABI-I#3 A#I,& /SEE #AB-E BE-O2
BIE. DES'IP#IO, O. 'O$PE,SA#I,& 'O,#O-S
IS5
I$PA'# A#I,&
A#I,&
/SEE #AB-E BE-O2
POBABI-I#3 x I$PA'# C
BIE. DES'IP#IO, O. PO#E,#IA- 'O,SE*E,'ES
Ho*4place Eiolence Neigho*hood 9a@a*ds Island &ccessile
S'OE 2 3 ?
POBABI-I#3 A#I,& -E+EER$ %"H %"H )(IU) 9I'9 ER$ 9I'9
S'OE 2 3 ?
I$PA'# A#I,& -E+EIRRI#&#IN' !"N#R"%%&B% !RI#I!&% (EIS#&#IN' #R)IN&%
I,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e een i,ple,ented to lessen the se+e*ity of e+ent. eturn to #able of 'ontents
32
. Bac4Up1 Reco+e*y and Resu,ption St*ategies #his section of the Plan should contain a list of the 4ey ad,inist*ation and ope*ational p*ocesses 5ith an indication of the c*iticality of the p*ocess 5ithin the dis*uption pe*iod. It is necessa*y to estalish standa*d ti,eands fo* ,easu*ing pe*iods 5hen1 du*ing an e,e*gency1 no*,al usiness se*+ices could eco,e una+ailale. #hese ti,eands a*e then applied to each 4ey usiness p*ocess and an assess,ent ,ade of the financial and ope*ational i,pact fo* outages. U#)B has estalished th*ee ti,eands fo* add*essing alte*nati+e p*ocedu*es. •
•
ScheduledA&nticipated "utage - this option assu,es that co,,unication as een ,ade to all depa*t,ents that do5nti,e 5ill occu* at a p*eposted data and ti,e du*ation :this is dete*,ined y the depa*t,ent;. Unscheduled "utage - Sho*t (u*ation - this option assu,es that the*e is a se*+ice
. Bac4Up1 Reco+e*y and Resu,ption St*ategies #his section of the Plan should contain a list of the 4ey ad,inist*ation and ope*ational p*ocesses 5ith an indication of the c*iticality of the p*ocess 5ithin the dis*uption pe*iod. It is necessa*y to estalish standa*d ti,eands fo* ,easu*ing pe*iods 5hen1 du*ing an e,e*gency1 no*,al usiness se*+ices could eco,e una+ailale. #hese ti,eands a*e then applied to each 4ey usiness p*ocess and an assess,ent ,ade of the financial and ope*ational i,pact fo* outages. U#)B has estalished th*ee ti,eands fo* add*essing alte*nati+e p*ocedu*es. •
•
•
ScheduledA&nticipated "utage - this option assu,es that co,,unication as een ,ade to all depa*t,ents that do5nti,e 5ill occu* at a p*eposted data and ti,e du*ation :this is dete*,ined y the depa*t,ent;. Unscheduled "utage - Sho*t (u*ation - this option assu,es that the*e is a se*+ice inte**uption1 ut is p*o=ected to e of a sho*tte*, du*ation :this is dete*,ined y the depa*t,ent;. Unscheduled "utage - %ong (u*ation - this option assu,es that the*e is a se*+ice inte**uption1 due to syste,s o* facilities1 fo* an extended pe*iod of ti,e :this is dete*,ined y the depa*t,ent;.
Identify the potential dis*uption and i,pact to each of these p*ocesses. &dditionally identify alte*nati+e ,ethods of handling each of these acti+ities. )anual ac4 up p*ocedu*es 5ill e de+eloped fo* &d,inist*ation and "pe*ations functions as these a*e usually *elati+ely easy to i,ple,ent 5hen I# syste,s a*e not a+ailale. #hese can often e suppo*ted y usiness o* office soft5a*e p*o+iding sp*eadsheet1 dataase and 5o*d p*ocessing capailities. #o *esu,e no*,al ope*ations it is essential to plan fo* the potentially co,plex acti+ities necessa*y to co,plete you* *eco+e*y p*ocess. "nce the e,e*gency is o+e*1 you ,ay need to t*ansition f*o, a ,anual p*ocess ac4 to an elect*onic p*ocess. #his ,ay in+ol+e extensi+e data ent*y and *econciling of data. In o*de* fo* this p*ocess to e effecti+e1 it ,ust e ca*efully planned and st*uctu*ed. Resu,ption St*ategy contains the fo*,at fo* *eco*ding acti+ities1 5hich need to e1 ca**ied out in p*io*ity seuence and 5hich pe*son o* tea,s a*e *esponsile fo* co,pleting those tas4s. Hhe*e supplies and +endo*s a*e *eui*ed to supply goods o* se*+ices1 as pa*t of the *esu,ption p*ocess then these acti+ities 5ill e in+ol+ed.
eturn to #able of 'ontents
33
.. Bac4Up1 Reco+e*y and Resu,ption St*ategies Identify each essential acti+ity1 along 5ith its potential dis*uption and i,pact of each p*ocess. &dditionally identify alte*nati+e ,ethods of handling each of these acti+ities along 5ith *esu,ption p*ocedu*es fo* *esu,ing no*,al ope*ations. ach acti+ity 5ill ha+e a sepa*ate g*id. ESSE,#IAA'#I+I#IES
S'4ED*-ED"A,#I'IPA#ED O*#A&E &enerally /#ime .rameFF2
*,S'4ED*-ED O*#A&E < S1ort Duration /#ime .rameFF2
*,S'4ED*-ED O*#A&E: -ong Duration G /#ime .rameFF2
:Na,e &cti+ity 9e*e; Potential Disruption
Potential Impact7
ecovery Strategy
esumption Strategy
eturn to #able of 'ontents
3
.2 Cacilities and ssential uip,ent Bac4Up and Reco+e*y St*ategies )any unexpected e+ents can affect facilities and essential euip,ent that a*e +ital to continuation of no*,al usiness acti+ities. #hese include fi*e1 flood1 hu**icane1 te**o*ist acti+ity1 etc. #he #ea, ,ust the*efo*e de+elop a plan of ho5 to continue to p*o+ide usiness se*+ices to its custo,e*s in the e+ent of a disaste*1 5hich affects eithe* its facilities o* essential euip,ent. He *eco,,end that each depa*t,ent contact and 5o*4 5ith Cacilities "pe*ations and )anage,ent :0/23?00; to otain alte*nati+e locations fo* cond ucting you* usiness functions. #his section of the Business !ontinuity Plan :B!P; 5ill contain details of such a**ange,ents and an esti,ate of potential costs.
.2 Cacilities and ssential uip,ent Bac4Up and Reco+e*y St*ategies )any unexpected e+ents can affect facilities and essential euip,ent that a*e +ital to continuation of no*,al usiness acti+ities. #hese include fi*e1 flood1 hu**icane1 te**o*ist acti+ity1 etc. #he #ea, ,ust the*efo*e de+elop a plan of ho5 to continue to p*o+ide usiness se*+ices to its custo,e*s in the e+ent of a disaste*1 5hich affects eithe* its facilities o* essential euip,ent. He *eco,,end that each depa*t,ent contact and 5o*4 5ith Cacilities "pe*ations and )anage,ent :0/23?00; to otain alte*nati+e locations fo* cond ucting you* usiness functions. #his section of the Business !ontinuity Plan :B!P; 5ill contain details of such a**ange,ents and an esti,ate of potential costs.
eturn to #able of 'ontents
3?
.2. Cacilities and ssential uip,ent Bac4Up and Reco+e*y St*ategies )any unexpected e+ents can affect facilities and essential euip,ent +ital to the continuation of no*,al usiness acti+ities. #his plan has the*efo*e een de+eloped to ensu*e a continued se*+ice to custo,e*s in the e+ent of a disaste* affecting eithe* the depa*t,ent7s A o* function7s facilities o* its essential euip,ent. #he depa*t,ent7s A o* function7s ac4up and continuity st*ategies fo* its facilities and essential euip,ent a*e as follo5s. ;8
.A'I-I#IES
,A$E O. .A'I-I#IES
A&EED BA'5:*P A,D 'O,#I,*I#3 S#A#E&3
#+se cut and paste facility to add further entries(
>8
ESSE,#IA- E*IP$E,#
,A$E O. E*IP$E,#
DES'IP#IO, O. E*IP$E,#
&g*eed Bac4up !ontinuity St*ategy
36
-O'A#IO,
'OS# ES#I$A#E #O EP-A'E
,A$E O. E*IP$E,#
DES'IP#IO, O. E*IP$E,#
&g*eed Bac4up !ontinuity St*ategy
#+se cut and paste facility to add further entries(
eturn to #able of 'ontents
3
-O'A#IO,
'OS# ES#I$A#E #O EP-A'E
.3 (epa*t,ental and Uni+e*sity I# Syste,s Bac4Up and Reco+e*y St*ategies In 'ene*al one of the ,ost i,po*tant aspects of Business !ontinuity Planning fo* the ,a=o*ity of depa*t,ents o* functions is in choosing an app*op*iate st*ategy fo* the ac4 up and *eco+e*y of the I# ased syste,s. In this section of the Plan1 the 4ey usiness p*ocesses a*e ,atched against the I# syste, and an app*op*iate ti,e f*a,e to co,plete *eco+e*y is chosen. #his section ,ay *eui*e indepth *esea*ch to dete*,ine the *ele+ant costs of each st*ategy. It ,ay also e necessa*y to p*epa*e a detailed Reuest fo* P*oposal fo* +endo*s to estalish the +iaility and cost of the p*efe**ed st*ategic app*oach. !onside*ation should also e gi+en to the i,pact of potential se+e*e da,age to oth facilities and co,,unication7s syste,s1 5hich could ha+e a significant i,pact on the depa*t,ent7s Ao* function7s I#1 se*+ices and syste,s.
eturn to #able of 'ontents
38
.3. (epa*t,ental and Uni+e*sity I# Syste,s Bac4Up and Reco+e*y St*ategies "ne of the ,ost i,po*tant aspects of Business !ontinuity Planning is choosing of an app*op*iate st*ategy fo* the ac4up and *eco+e*y of I# ased syste,s. !onside*ation has een gi+en to the i,pact on the depa*t,ent A o* function7s I# syste,s of potential se+e*e da,age to facilities o* co,,unications syste,s. & su,,a*y of the (epa*t,ental I# syste,s and the ag*eed ac4up st*ategy a*e listed elo5. ach depa*t,ent syste,s 5ill also need to de+elop disaste* *eco+e*yA*esto*ation p*ocedu*es. :see exa,ple of U#)B Info*,ation Se*+ices disaste* *eco+e*y docu,entation; ,A$E O. I# S3S#E$
E'O+E3 #I$E E*IED
5E3 B*SI,ESS PO'ESS S*PPO#ED
PO#E,#IA- I$PA'#
IS S$S#) B&!D( UP 9"H "C#N IS S$S#) B&!D( UP H9R &R B&!DUP #&PS DP# ("S #9IS S$S#) 9&E EI#&% %!#R"NI! R!"R(S &N(A"R (&#&<
&'R( B&!DUP S#R&#'$< :Hhat is you* st*ategy if syste, is not a+ailale;
&%#RN&# PRS"N RSP"NSIB% C"R S$S#)
PRS"N RSP"NSIB% C"R S$S#) :i.e. ,aintenance1 ac4up1 *esto*ation;
IS S$S#) B&!D( UP 9"H "C#N IS S$S#) B&!D( UP H9R &R B&!DUP #&PS DP#
&'R( B&!DUP S#R&#'$< :Hhat is you* st*ategy if syste, is not a+ailale;
&%#RN&# PRS"N RSP"NSIB% C"R S$S#)
PRS"N RSP"NSIB% C"R S$S#) :i.e. ,aintenance1 ac4up1 *esto*ation;
3/
& su,,a*y of the Uni+e*sity cent*ali@ed I# Syste,sA&pplications1 5hich suppo*t depa*t,ent functions1 and the Info*,ation Se*+ices contact info*,ation . #&t is &nformation !ervices responsibility to establish back=up strategy for the &T !ystem listed below(
,A$E O. I# S3S#E$
!a,pus (ata Net5o*4
5E3 B*SI,ESS PO'ESS S*PPO#ED
PO#E,#IA- I$PA'#
!onnecti+ity fo* data accessAexchange f*o, all se*+e*s on the ca,pus.
Inaility to accessAp*ocess data filed on any se*+e* on the ca,pus.
5E3 B*SI,ESS PO'ESS S*PPO#ED
PO#E,#IA- I$PA'#
IS 'O,#A'# I,.O$A#IO,H
IS 9elp (es4 - ext 2?200 ,A$E O. I# S3S#E$
IS 'O,#A'# I,.O$A#IO,7
eturn to #able of 'ontents
0
. St*ategies fo* P*otecting Nonlect*onic !*itical andAo* Sensiti+e (ocu,ents andAo* Reco*ds #he B!P P*o=ect #ea, has assessed oth elect*onic *eco*ds and pape* ased *eco*ds listed elo5 as eing +ital andAo* sensiti+e to the o*gani@ations usiness acti+ities. St*ategies fo* p*otecting and *eco+e*ing these docu,ents ha+e een *e+ie5ed and a*e docu,ented elo5.
Na,e of B*ief (esc*iption (ocu,entAReco*d
(oes this docu,ent hold confidential o* sensiti+e info*,ation :5hat type;
%ocation 9eld
Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<
Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,age
Na,e of B*ief (esc*iption (ocu,entAReco*d
(oes this docu,ent hold confidential o* sensiti+e info*,ation :5hat type;
%ocation 9eld
Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<
Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,age
Na,e of B*ief (esc*iption (ocu,entAReco*d
(oes this docu,ent hold confidential o* sensiti+e info*,ation :5hat type;
%ocation 9eld
Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<
Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,age
2
.? Dey Staff ,ployees a*e an i,po*tant and +aluale assets 5ho in an e,e*gency 5ill assist depa*t,ent A o* function in a uic4 *eco+e*y. )ain supplie*s of c*itical goods and se*+ices a*e also essential to continue to suppo*t *eco+e*y o f usiness ope*ations to no*,al ope*ating ,ode. $ou* (isaste* Reco+e*y Plan and B!P 5ill *ely p*incipally on 4ey ,e,e*s of ,anage,ent and staff 5ho 5ill p*o+ide the technical and ,anage,ent s4ills necessa*y to achie+e a s,ooth usiness *eco+e*y p*ocess. #hese 4ey ,e,e*s of ,anage,ent o* staff 5ill e selected and *esponsile fo* the i,ple,entation of the B!P in the e+ent of an e,e*gency. & 5ello*gani@ed and st*uctu*ed app*oach 5ill *educe the potential fo* the unexpected c*isis to eco,e un,anageale. #his info*,ation is fo* depa*t,ental use and 5ill not e gene*ally dist*iuted.
eturn to #able of 'ontents
3
.?. Dey Pe*sonnel Hhen an e,e*gency occu*s it is necessa*y to ha+e access to all 4ey pe*sonnel fo* the functional a*eas and syste,s affected y the c*isis. #his info*,ation should e ,ade a+ailale to the B!P *eco+e*y tea,s and should e constantly updated. #his section of the B!P 5ill contain a list of 4ey pe*sonnel1 thei* position1 functional a*ea1 and p*ocedu*es o* syste,s fo* 5hich they a*e *esponsile. #his section 5ill also include no*,al and e,e*gency contact info*,ation. #his info*,ation is fo* depa*t,ental use and 5ill not e gene*ally dist*iuted. (ue to changes in pe*sonnel :i.e. att*ition1 ,o+es1 etc it is *eco,,ended that this e tested and updated at least ua*te*ly.; ,A$E
DI+ISIO," DEPA#$E,#
.*,'#IO, O PO'ESS
O..I'E E)#8
.O 4I'4 ESPO,SIB-E
E$E&E,'3 'O,#A'# DE#AI-S /4ome0 Pager0 'ell P1one2
eturn to #able of 'ontents
-ast evision
.6 ,e*gency !ontact Info*,ation E)#E,A- E$E&E,'3 'O,#A'# ,*$BES
Police1 Ci*e and &,ulance / U#)B ,e*gency &le*t %ine - :0/; &le*t :2??8; #oll C*ee 8882?/ U#)B !a,pus "pe*ato* :0/; 20
I,#E,A- E$E&E,'3 'O,#A'# ,*$BES
&dd nu,e*s as needed. U#)B P"%I! U#)B CIR %IN "ffice of Uni+e*sity &d+ance,ent :call the, fo* ,edia co,,unication; C&!I%I#IS )&IN#N&N! P"IS"N !"N#R"% !N#R
2 22 2268
2?86 800666
%%%8utmb8edu"alert %%%8utsystem8edu"utmb"alert81tm
eturn to #able of 'ontents
?
. !*itical Supplies It is necessa*y to p*epa*e fo* e,e*gencies 5he*e the depa*t,ent7s supplies ,ay e dest*oyed o* unotainale th*ough usual sou*ces. Such an occu**ence could1 fo* exa,ple1 e caused th*ough fi*e o* flood da,age. #he depa*t,ent A o* function should decide on a suitale st*ategy to deal 5ith this situation1 5hich could include holding an e,e*gency stoc4 of supplies at an offsite location. <e*nati+ely1 the B!P could include a list of e,e*gency supplies1 5hich could e o*de*ed on a nextday deli+e*y asis. (etails of alte*nati+e supplie*s should also e included1 in the e+ent that you* no*,al supplie* is also affected y an e,e*gency. #his section of the B!P should include info*,ation on the supplies held offsite1 togethe* 5ith a list of ite,s that could e o*de*ed in an e,e*gency at sho*t notice. It should also list alte*nati+e supplie*s.
eturn to #able of 'ontents
6
.. !*itical Supplies In the e+ent of an e,e*gency 5he*e the depa*t,ent7s supplies a*e dest*oyed1 ac4up stoc4 can e otained f*o, offsite locations1 as follo5s. &lso listed elo5 a*e details of supplie*s 5ho can p*o+ide e,e*gency supplies on a nextday deli+e*y asis. ;8 I#)
'I#I'A- S*PP-IES S#O'5 4E-D O..:SI#E N&) "C %"!&#I"N
&((RSS "C %"!&#I"N
!"N#&!# PRS"N
!"N#&!# N".
#+se cut and paste facility to add further entries(
>8 I#)
?8
I#)
S*PP-IES #4A# 'A, BE ODEED O, A ,E)# DA3 BASIS .O$ E&*-A S*PP-IE N&) "C R'U%&R SUPP%IR
!"N#&!# PRS"N
!"N#&!# N".
A-#E,A#I+E S*PP-IES AB-E #O S*PP-3 O, ,E)# DA3 BASIS I. E&*-A S*PP-IES A..E'#ED B3 E$E&E,'3 N&) "C &%#RN&#IE SUPP%IR
eturn to #able of 'ontents
!"N#&!# PRS"N
!"N#&!# N".
.8 !*itical Eendo* (epending upon the natu*e of the disaste*1 it is feasile that +endo*s of c*itical se*+ices ,ay also e affected. #his can affect you* o5n ac4up and *eco+e*y a**ange,ents 5he*e you* depa*t,ent is dependent upon a pa*ticula* +endo* fo* that *eco+e*y p*ocess to e achie+ed successfully. It is i,po*tant the*efo*e that you* o5n 4ey +endo* also ha+e an effecti+e B!P fo* dealing 5ith e,e*gencies. $ou should *euest info*,ation f*o, you* +endo*s to ensu*e they ha+e this. #his section of the B!P should include a list of 4ey +endo*s the c*itical se*+ices they a*e supplying1 thei* no*,al contact info*,ation1 and thei* e,e*genc y contact info*,ation. Cu*the* conside*ation should e gi+en to +endo*s 5ho 5ould e ale to p*o+ide c*itical se*+ices in the e+ent of failu*e to deli+e* f*o, one of you* identified 4ey +endo*s.
eturn to #able of 'ontents
8
.8. !*itical Eendo*s
%isted elo5 a*e the depa*t,ent A function 4ey +endo*s 5ho ,ay need to e contacted in the e+ent of an e,e*gency. In the e+ent of these *egula* +endo*s a*e not ale to p*o+ide the se*+ices *eui*ed in an e,e*gency1 an alte*nati+e list of +endo*s has also een identified. ;8
E&*-A +E,DOS
,A$E O. +E,DO
>8
SE+I'ES PO+IDED
,O$A- 'O,#A'# DE#AI-S
E$E&E,'3 'O,#A'# DE#AI-S
,O$A- 'O,#A'# DE#AI-S
E$E&E,'3 'O,#A'# DE#AI-S
A-#E,A#I+E +E,DOS
,A$E O. +E,DO
SE+I'ES PO+IDED
/
?.0 Plan ducation and #*aining &ll staff should e t*ained in the usiness continuity p*ocess. #his is pa*ticula*ly i,po*tant 5hen the p*ocedu*es a*e significantly diffe*ent f*o, those pe*taining to no*,al ope*ations. #his t*aining ,ay e integ*ated 5ith the t*aining phase o* handled sepa*ately. & t*aining needs assess,ent ,ust e conducted to identity 5hat t*aining should e estalished. #he plan ,ust specify 5hich pe*son o* g*oup of pe*sons *eui*es 5hich type of t*aining. It is t is necessa*y fo* all ne5 o* *e+ised p*ocesses to e explained ca*efully to the staff. Co* exa,ple it ,ay e necessa*y to ca**y out so,e p*ocess ,anually if the I# syste, is do5n fo* any length of ti,e. #hese ,anual p*ocedu*es ,ust e fully unde*stood y the pe*sons 5ho a*e *eui*ed to ca**y the, out. Co* la*ge* o*gani@ations it ,ay e p*actical to ca**y out the t*aining in a class*oo, en+i*on,ent1 ho5e+e*1 fo* s,alle* o*gani@ations the t*aining ,ay e ette* handled in a 5o*4shop style. #his section of the B!P 5ill identify fo* each usiness p*ocess 5hat type of t*aining is *eui*ed and 5hich pe*sons o* g*oup of pe*sons need to e t*ained.
?. #*aining &ssess,ent 5E3 B*SI,ESS AEA
#3PE O. #AI,I,& E*IED
eturn to #able of 'ontents
?0
PESO,S O &O*PS #O BE #AI,ED
,O8 O. PESO,S
?.2 #*aining !o,pleted It is i,po*tant to 4eep a *eco*d of all e,ployees 5ho ha+e een t*ained in the B!P P*ocess. 5E3 B*SI,ESS AEA #AI,ED
PESO,S O &O*PS #O BE #AI,ED
eturn to #able of 'ontents
?
DA#E 'O$P-E#ED
6.0 Plan #esting &n untested plan can often e ,o*e of a hind*ance than help. #he aility of the B!P to e effecti+e in e,e*gency situations can only e assessed if *igo*ous testing is ca**ied out in *ealistic conditions. #he B!P #esting Phase contains i,po*tant +e*ification acti+ities1 5hich should enale the plan to stand up to ,ost dis*upti+e e+ents. #he B!P should e tested 5ithin a *ealistic en+i*on,ent1 5hich ,eans si,ulating conditions1 applicale in an actual e,e*gency. It is also i,po*tant that the pe*sons 5ho 5ould e *esponsile fo* those acti+ities in a c*isis ca**y out the tests. In ,ost cases a taletop test 5ill e conducted. & scena*io 5ill e gi+en to you* B!P g*oup along 5ith uestions that 5ill need to e ans5e*ed du*ing the test. eturn to #able of 'ontents
?2
.0 Plan )aintenance It is necessa*y fo* the B!P updating p*ocess to e p*ope*ly st*uctu*ed and cont*olled. #his 5ould include an e+aluation of the (isaste* Reco+e*y Plan :I# Plan; fo* potential change due to the dyna,ic natu*e of the th*eat population and syste, configu*ation Hhene+e* changes a*e ,ade to the B!P they a*e to e fully tested and app*op*iate a,end,ents should e ,ade to the t*aining ,ate*ials. #his 5ill in+ol+ed the use of fo*,ali@ed change cont*ol p*ocedu*es unde* the cont*ol of the B!P #ea, %eade*. #he follo5ing fo*, should e used fo* the *euest and app*o+al of such changes. Collo5ing app*o+ed changes to the plan1 it is i,po*tant that the B!P leade*1 B!P *eco+e*y tea,1 xecuti+e Sponso* and the IR) a*e 4ept fully info*,ed.
eturn to #able of 'ontents
?3
. #est all !hanges to Plan Hhene+e* the*e is a change to the B!P Plan a co,plete test should e ca**ied out and docu,ented. Collo5 the app*op*iate test p*ocedu*es as outlined in Section ? of this plan.
eturn to #able of 'ontents
?
8.0 Post Incident &nalysisARepo*t "n co,pletion of any incident1 that i,pacts you* deli+e*y of no*,al se*+ice1 the B!P #ea, should p*epa*e an incident analysis on you* B!P plan. #his is to assess the adeuacy of the plan and any deficiencies. #he p*incipal o+e*all o=ecti+es in conducting the post incident analysis a*e toF +e*ify that the usiness *eco+e*yA*esu,ption plans a*e cu**ent and up to date1 that the *eco+e*yA*esu,ption plan pe*fo*,ed effecti+ely and *eco+e*ed the affected functions1 identify a*eas of the plan to i,p*o+e1 e+aluate the flo5 of co,,unications1 and e+aluate the effecti+eness of the plan.
??
8. Post Incident &nalysis #he B!P tea, has *e+ie5ed the follo5ing incident.
(ate of incident<
#i,e<
(esc*iption of incident<
Hhat c*itical functionAfunctions 5e*e inte**upted du*ing this incident
(id you* B!P add*ess the *eco+e*y of the inte**upted c*itical function effecti+ely
If not1 5hat a*eas of the *eco+e*y plan can e i,p*o+ed
(id co,,unication flo5 effecti+ely
Hhe*e the*e any p*ole,s getting o* *ecei+ing co,,unications
Hhe*e all phone nu,e*s accu*ate and a+ailale
?6
Hhat changes need to e ,ade to the B!P
Hho 5ill e ,a4ing the changes to the plans
Hill changes need to e tested
Hho 5ill app*o+e the changes ,ade to the B!P
Hho 5ill e *epo*ting changes ,ade to the xecuti+e Sponso* of the plan
?
/.0 'lossa*y of #e*,s
Act of Sabotage7 &n act of saotage is the delie*ate se*ious dis*uption of an o*gani@ation7s acti+ities 5ith an atte,pt to disc*edit o* financially da,age the o*gani@ation. Business 5ill often e i,,ediately and se*iously affected y successful acts of saotage. #his can affect the no*,al ope*ations and also se*+e to destaili@e the 5o*4fo*ce. &n inte*nal attac4 on the I# syste,s th*ough the use of ,alicious code can e conside*ed to e an act of saotage. Act of terrorism7 &cts of te**o*is, include explosions1 o, th*eats1 hostage ta4ing1 saotage and o*gani@ed +iolence. Hhethe* this is pe*pet*ated th*ough a *ecogni@ed te**o*ist o*gani@ation o* a +iolent p*otest g*oup1 the effect on indi+iduals and usiness is the sa,e. Such acts c*eate unce*tainty and fea* and se*+e to destaili@e the gene*al en+i*on,ent. Act of ar7 &n act of 5a* is the co,,ence,ent of hostilities et5een one count*y and anothe*. #his could ta4e the fo*, of ai* st*i4es1 g*ound st*i4es1 in+asion o* loc4ades. Business could e i,,ediately affected 5he*e they a*e eithe* located nea* the out*ea4 of hostilities o* 5he*e they a*e dependent upon i,po*ts o* expo*ts fo* su*+i+al. )any usinesses do not su*+i+e a p*olonged out*ea4 of 5a*. Air conditioning failure7 &n ai* conditioning :&!; failu*e could ha+e se*ious conseuences 5he*e the &! unit is p*otecting pa*ticula*ly sensiti+e euip,ent such as a ,ain co,pute* p*ocessing unit1 and the *ise in te,pe*atu*e could cause the euip,ent to fail and e da,aged. It can also affect the 5o*4fo*ce as conditions in uildings can eco,e ext*e,ely unco,fo*tale 5ith a significant *ise in te,pe*atu*es and 5he*e the staff is ad+e*sely affected. Po*tale &! euip,ent ,ay possile e used as ac4 up. Alert7 & fo*,al notification that an incident has occu**ed 5hich ,ay de+elop into a disaste*. Alternate Site7 & location 5he*e c*itical usiness functions can *esu,e p*ocessing in the e+ent of an inte**uption o* disaste*. Arson7 &*son is the delie*ate setting of a fi*e to da,age the o*gani@ations p*e,ises and contents. &s this can cause oth loss of p*e,ises and loss of goods and othe* assets1 this can e highly dis*upti+e to the o*gani@ation. Building denial7 &ny da,age1 failu*e o* othe* condition1 5hich causes denial of access to the uilding o* the 5o*4ing a*ea 5ithin the uilding1 e.g. fi*e1 flood1 conta,ination1 loss of se*+ices1 ai* conditioning failu*e1 and fo*ensics.
?8
Business 'ontinuity Plan7 & collection of p*ocedu*es and info*,ation that is de+eloped and ,aintained in *eadiness fo* use in the e+ent of an e,e*gency o* disaste*. Business 'ontinuity Planning /B'P27 P*epa*ations ,ade to 4eep a usiness *unning du*ing and afte* a disaste*1 ensu*ing the a+ailaility of those *esou*ces *eui*ed to ,aintain the ongoing +iaility of the o*gani@ation. Business 'ontinuity #eam -eader7 & ,e,e* of the *eco+e*y ,anage,ent tea, 5ho is assigned the o+e*all *esponsiility fo* coo*dinato* of the *eco+e* y planning p*og*a, ensu*ing tea, ,e,e* t*aining1 testing and ,aintenance of *eco+e*y plans. Business impact analysis /BIA27 & ,anage,ent le+el analysis1 5hich identifies the i,pacts of losing co,pany *esou*ces. #he BI& ,easu*es the effect of *esou*ces loss and escalating losses o+e* ti,e in o*de* to p*o+ide senio* ,anage,ent 5ith *eliale data upon 5hich to ase decisions on *is4 ,itigation and continuity planning. Business Impact Assessment /BIA27 &s4 the follo5ing uestions< 9o5 ad can things get Hhat a*e the ,ost i,po*tant *esou*ces1 syste,s1 outputs1 and dependencies y usiness function Hhat i,pact does una+ailaility ha+e 'old Site7 "ne o* ,o*e data cente*s o* office space facilities euipped 5ith sufficient p*eualified en+i*on,ental conditioning1 elect*ical connecti+ity1 co,,unications access1 configu*ale space and access to acco,,odate the installation and ope*ation of euip,ent y c*itical staff *eui*ed to *esu,e usiness ope*ations. 'ommand 'enter < #his is the location set up fo* ,anage,ent and B!P to ope*ate f*o, du*ing e,e*gency situations. #he continuity plan docu,ent and othe* needed *esou*ces should e ,aintained the*e. 'ommunications services brea!do%n7 )ost usinesses a*e fully dependent upon thei* teleco,,unications se*+ices to ope*ate thei* no*,al usiness p*ocesses and to enale thei* net5o*4s to function. & dis*uption to the teleco,,unications se*+ices can *esult in a usiness losing *e+enue and custo,e*s. #he use of cellased telephones can help to alle+iate this ut the ,ain *eliance is li4ely to e on the land ased lines. 'ontamination and Environmental 4azards7 !onta,ination and en+i*on,ental ha@a*ds include polluted ai*1 polluted 5ate*1 che,icals1 *adiation1 asestos1 s,o4e1 da,pness and ,ilde51 toxic 5aste and oil pollution. )any of these conditions can dis*upt usiness p*ocesses di*ectly and1 in addition1 cause sic4ness a,ong e,ployees. #his can *esult in p*osecution o* litigation if ,o*e pe*,anent da,age to e,ployees7 health occu*s. 'ontrollable7 U#)B 5ould e ale to exe*cise *est*aint and di*ect influence o+e* the e+ent1 *e,aining in *elati+e cont*ol of usiness.
?/
'risis7 &n ano*,al situation1 o* pe*ception1 5hich th*eatens the ope*ations1 staff1 custo,e*s o* *eputation of an ente*p*ise. 'ritical7 U#)B 5ould find that uality1 se*+ice1 andAo* p*ope*ty could suffe*1 causing a change o* dis*uption in usiness *esulting in a ,ode*ate state of c*isis o* e,e*gency. 'ritical Business .unctions < #hose functions conside*ed essential to the ongoing ope*ation of the o*gani@ation o* usiness unit. !*itical functions also include anything that ,ight ad+e*sely i,pact se*+ice deli+e* o* significantly i,pai* the ad,inist*ati+e o* financial integ*ity of the o*gani@ation. 'yber crime7 !ye* c*i,e is a ,a=o* a*ea of info*,ation secu*ity *is4. It includes attac4s y hac4e*s1 denial of se*+ice attac4s1 +i*us attac4s1 hoax +i*us 5a*nings and p*e,editated inte*nal attac4s. &ll cye* c*i,e attac4s can ha+e an i,,ediate and de+astating affect on the o*gani@ation7s no*,al usiness p*ocess. #he a+e*age cost of an info*,ation secu*ity incident has een esti,ated at 301000 and o+e* 60T of o*gani@ations a*e *epo*ted to expe*ience one o* ,o*e incident e+e*y yea*. Devastating7 U#)B se*+ices 5ould e significantly deg*aded1 ut 5ould e ale to conduct usiness. Disaster ecovery 'oordinator7 &cti+ates (isaste* Reco+e*y Plan. Ho*4s 5ith ad,inist*ation1 ad+iso*y co,,ittees1 and (isaste* Reco+e*y #ea, to allocate *esou*ces and coo*dinate i,ple,entation of the (isaste* Reco+e*y Plan. Se*+es as the p*i,a*y contact and coo*dinates the *eco+e*y effo*t. Insu*es that status of the *eco+e*y effo*t is co,,unicated to the app*op*iate le+els of the o*gani@ation. Insu*es that a post ,o*te, *e+ie5 is conducted and that upg*ades a*e inco*po*ated into the plan as app*op*iate. Disaster ecovery Planning /DP27 #ypically1 the technology aspects of a usiness continuity plan1 to *eco+e* info*,ation syste, *esou*ces to full o* pa*tial p*oduction p*ocessing le+els in the e+ent of an extended outage. No*,ally1 info*,ation syste, *esou*ces 5ill e *esto*ed acco*ding to a p*io*ity indicated y 5hat is Q,ission c*itical to the o*gani@ation. Disclosure of sensitive information7 #his is a se*ious info*,ation secu*ity incident1 5hich can *esult in se+e*e e,a**ass,ent1 financial loss1 and e+en litigation 5he*e da,age has een caused to so,eone7s *eputation o* financial standing. Cu*the* types of se*ious disclosu*e in+ol+e sec*et patent info*,ation1 plans and st*ategic di*ections1 *esea*ch1 info*,ation disclosed to legal *ep*esentati+es etc. (elie*ate unautho*i@ed disclosu*e of sensiti+e info*,ation is also *efe**ed to as espionage. Electrical Storms7 the i,pact of lightning st*i4es can e significant. It can cause dis*uption to po5e* and can also cause fi*es. It ,ay also da,age elect*ical euip,ent including co,pute* syste,s. St*uctu*al da,age is also possile th*ough falling t*ees o* othe* o=ects.
60
Electrical po%er failure7 &ll o*gani@ations depend on elect*ical po5e* to continue no*,al ope*ations. Hithout po5e* the o*gani@ation7s co,pute*s1 lights1 telephones and othe* co,,unication ,ediu, 5ill not e ope*ational and the i,pact on no*,al usiness ope*ation can e de+astating. &ll o*gani@ations should e p*epa*ed fo* a possile elect*ical po5e* failu*e1 as the i,pact can e so se+e*e. (ata can e lost1 custo,e*s can e lost and the*e can e a se*ious i,pact on *e+enue. P*eplanning is essential as a *egional outage can cause a sho*tage of ac4up elect*ical gene*ato*s. Epidemic7 &n epide,ic can occu* 5hen a contagious illness affects a la*ge nu,e* of pe*sons 5ithin a count*y o* *egion. #his can ha+e a pa*ticula*ly de+astating sho*t te*, i,pact on usiness th*ough a la*ge nu,e* of pe*sons eing asent f*o, 5o*4 at the sa,e ti,e. !e*tain illnesses can ha+e a longe*te*, effect on the usiness 5he*e long te*, illness o* death *esults. &n exa,ple of this ext*e,e situation is occu**ing in !hina no5 5ith the epide,ic of S&RS. EJuipment .ailure /excluding I# 1ard%are27 &ll usinesses *ely on a 5hole *ange of diffe*ent types of euip,ent in o*de* to *un thei* usiness p*ocesses. In ,any cases1 it is possile to ,o+e to alte*nati+e p*ocesses to enale the usinesses p*ocess to continue ut his *eui*ed conside*ale planning and p*epa*ation. .ire7 Ci*es a*e often de+astating and can e sta*ted th*ough a 5ide *ange of e+ents1 5hich ,ay e accidental o* en+i*on,ental. #he i,pact on the usiness 5ill +a*y depending on the se+e*ity of the fi*e and the speed 5ithin 5hich it can e *ought unde* cont*ol. & fi*e can cause hu,an in=u*y o* death and da,age can also e caused to *eco*ds and euip,ent and the fa*ic o* st*uctu*e of p*e,ises. .lood7 Cloods *esult f*o, thunde*sto*,s1 t*opical sto*,s1 sno5 tha5s o* hea+y and p*olonged *ainfallcausing *i+e*s to o+e*flo5 thei* an4s and flood the su**ounding a*eas. Cloods can se*iously affect uildings and euip,ent causing po5e* failu*es and loss of facilities and can e+en *esult in in=u*y o* death. .reezing 'onditions7 C*ee@ing conditions can occu* in 5inte* pe*iods and the effects can e de+astating. Hhe*e te,pe*atu*3es fall in excess of - 30 !entig*ade they can c*eate conditions1 5hich significantly dis*upt usinesses and e+en cause death o* in=u*y. Businesses and ho,es can e se*iously affected th*ough u*st pipes1 inadeuate heating facilities1 dis*uption to t*anspo*tation and ,alfunctioning euip,ent. Ho*4 unde*ta4en outside of uildings in the open en+i*on,ent 5ill o+iously e se*iously affected. 4ot Site7 & data cente* facility o* office facility 5ith sufficient ha*d5a*e1 co,,unications inte*faces and en+i*on,entally cont*olled space capal e of p*o+iding *elati+ely i,,ediate ac4up data p*ocessing suppo*t. 4urricane7 9u**icanes a*e sto*,s 5ith hea+y ci*cula* 5inds exceeding 60 ,iles pe* hou*. #he hu**icane contains oth ext*e,ely st*ong 5inds and to**ential *ain. 9u**icanes can cause flooding1 ,assi+e st*uctu*al da,age to ho,es and usiness p*e,ises 5ith associated po5e* failu*es1 and e+en in=u*y and death.
6
Impact7 I,pact is the cost to the ente*p*ise1 5hich ,a y o* ,ay not e ,easu*ed in pu*ely financial te*,s. Incident7 &ny e+ent1 5hich ,ay e1 o* ,ay lead to1 a disaste*. Information Security7 #he secu*ing o* safegua*ding of all sensiti+e info*,ation1 elect*onic o* othe*5ise1 5hich is o5ned y an o*gani@ation. Internal arrangement7 "the* *oo,s 5ithin the o*gani@ation could e euipped to suppo*t usiness functions :i.e.1 t*aining *oo,s1 cafete*ias1 confe*ence *oo,s1 etc; Internal po%er failure7 &n inte*nal po5e* failu*e is an inte**uption to the elect*ical po5e* se*+ices caused th*ough inte*nal euip,ent o* caling failu*e. #his type of fault 5ill need to e *epai*ed y a ualified elect*ician and delays 5ill ine+itale i,pact on the usiness p*ocess. Hhe*e pa*ticula*ly se*ious faults ha+e occu**ed1 such as da,age to ,ain cales1 the *epai*s could ta4e so,e ti,e and could ha+e a se+e*e effect on the usiness. Irritating7 U#)B 5ould e ale to exe*cise *est*aint and di*ect influence o+e* the e+ent1 *e,aining in *elati+e cont*ol of usiness. -oss of drainage " %aste removal7 #he loss of d*ainage o* 5aste *e,o+al is li4ely to cause a se*ious sanitation and health issue fo* ,ost usinesses. #his is li4ely to i,pact on the usiness th*ough the possile loss of its 5o*4fo*ce du*ing the pe*iod 5he*e d*ainage se*+ices a*e not a+ailale. #his1 in tu*n1 5ill ha+e an i,,ediate i,pact on *e+enue. -oss of gas supply7 #he loss of gas supply can e ext*e,ely se*ious 5he*e the usiness *elies on gas to fuel eithe* its p*oduction p*ocesses o* p*o+ide heating 5ithin its p*e,ises. #he i,pact that a loss of gas supply can ha+e on the p*oduction p*ocess can *esult in the 5hole p*ocess shutting do5n. #he i,pact on the o*gani@ation 5ill also e pa*ticula*ly acute 5he*e the loss of gasfi*ed heating could *ende* the p*e,ises unusale du*ing pe*iods of lo5 exte*nal te,pe*atu*es. -oss of records or data7 #he loss of *eco*ds o* data can e pa*ticula*ly dis*upti+e 5he*e poo* ac4up and *eco+e*y p*ocedu*es *esult in the need to *einput and *eco,pile the *eco*ds. #his is no*,ally a slo5 p*ocess and is pa*ticula*ly lao* intensi+e. #his can *esult in an inc*ease in costs th*ough additional 5o*4ing hou*s and a g*eat deal of e,a**ass,ent 5he*e info*,ation is unexpectedly not a+ailale. -oss of %ater supply7 #he loss of the 5ate* supply is li4ely to close do5n a usiness p*e,ises until the supply is *esto*ed. Hhe*e the 5ate* is used in the p*oduction p*ocess this is pa*ticula*ly se*ious. #he loss of 5ate* supply is also a health and safety issue as ,ini,u, sanita*y needs cannot e ,et. #his is often caused th*ough a fault in a 5ate* supply *oute o* as a *esult of a pa*ticula*ly se+e*e d*ought.
62
Island accessibility7 Since 'al+eston is an island and has li,ited accessiility1 access to the island y e,ployees1 supplies and custo,e*s 5ill need e+aluated and assessed. I# system failure7 Hith the al,ost total le+el of dependence on I# syste,s 5ithin the +ast ,a=o*ity of usinesses1 a failu*e to these syste,s can e pa *ticula*ly de+astating. #he types of th*eats to co,pute* syste,s a*e ,any and +a*ied1 including ha*d5a*e failu*e1 da,age to cales1 5ate* lea4s and fi*es1 ai* conditioning syste, failu*es1 net5o*4 failu*es1 application syste, failu*es1 teleco,,unications euip,ent failu*es etc. ,eig1bor1ood 1azard7 & neigho*hood ha@a*d is defined as a dis*upti+e e+ent in the close +icinity1 5hich di*ectly o* indi*ectly affects you* o5n p*e,ises and e,ployees. &n exa,ple 5ould e seepage of ha@a*dous 5aste o* the escape of toxic gases f*o, a local che,ical plant. 9ealth and safety *egulations *eui*e that the o*gani@ation ta4e suitale action to p*otect its e,ployees. #his ,ay ha+e se+e*e dis*upti+e i,plications fo* the usiness pa*ticula*ly 5he*e it can ta4e so,e ti,e to clea* the ha@a*d. Off:site location7 & sto*age facility at a safe distance f*o, the p*i,a*y facility1 5hich is used fo* housing *eco+e*y1 supplies1 euip,ent1 +ital *eco*ds etc. Operational Impact7 &n i,pact1 5hich is not uantifiale in financial te*,s ut its effects1 ,ay e a,ong the ,ost se+e*e in dete*,ining the su*+i+al of an o*gani@ation follo5ing a disaste*. Outage7 #he inte**uption of auto,ated p*ocessing syste,s1 suppo*t se*+ices o* essential usiness ope*ations that ,ay *esult in the o*gani@ation7s inaility to p*o+ide se*+ice fo* so,e pe*iod of ti,e. Period of #olerance7 #he pe*iod of ti,e in 5hich an incident can escalate to a potential disaste*. Petroleum and oil s1ortage7 Co* ,ost count*ies in the 5o*ld1 a pet*oleu, sho*tage can occu* at any ti,e. #his has a se*ious i,pact on usinesses as *ationing is li4ely to e i,posed i,,ediately affecting t*anspo*tation and the no*,al ope*ations of diesel o* pet*ol fuelled ,achine*y. eciprocal arrangement7 &n ag*ee,ent in 5hich t5o pa*ties ag*ee to allo5 the othe* to use thei* site1 *esou*ces o* facilities du*ing a disaste*. ecovery Point Objective /PO27 #his is defined y the data content o5ne* of an I# application. It is the point in ti,e that the application ,ust e *esto*ed to. ecovery #ime Objective /#O27 #his is defined y the data content o5ne* fo* an I# application. It is the ti,e f*o, disaste* decla*ation to the *esto*ation of the application.
63
esumption7 #he p*ocess of planning fo* andAo* i,ple,enting the *eco+e*y of c*itical usiness ope*ations i,,ediately follo5ing an inte**uption o* disaste*. is! Assessment K $anagement7 #he identification and e+aluation of ope*ational *is4s that pa*ticula*ly affect the ente*p*ise7s aility to function and add*essing the conseuences. is! eduction or $itigation7 #he i,ple,entation of the p*e+entati+e ,easu*es1 5hich *is4 assess,ent1 has identified. Scenario7 & p*edefined set of e+ents and conditions1 5hich desc*ie an inte**uption1 dis*uption o* disaste* *elated to so,e aspect :s; of an o*gani@ation7s usiness fo* pu*poses of exe*cising a *eco+e*y plan :s;. Self:service7 &n o*gani@ation o* usiness function can t*ansfe* 5o*4 to anothe* of it7s o5n locations. Service -evel Agreement /S-A27 &n ag*ee,ent et5een a se*+ice p*o+ide* and se*+ice use* as to the natu*e1 uality1 a+ailaility and scope of the se*+ice to e p*o+ided. Site access denial7 &ny distu*ance o* acti+ity 5ithin the a*ea su**ounding the site 5hich *ende*s the site una+ailale1 e.g. fi*e1 flood1 *iot1 st*i4e1 loss of se*+ices1 fo*ensics. #he site itself ,ay e unda,aged. System ecovery7 #he p*ocedu*es fo* *euilding a co,pute* syste, to the condition 5he*e it is *eady to accept data and applications. Syste, *eco+e*y depends on ha+ing access to suitale ha*d5a*e. #erminal7 U#)B 5ould e unale to achie+e its co*e pu*pose and unale to conduct its ,ission #1eft7 #his ha@a*d could *ange f*o, the theft of goods o* euip,ent to the theft of ,oney o* othe* +aluales. In addition to possile financially da,aging the o*gani@ation1 they can cause suspicion and unce*tainty 5ith the 5o*4fo*ce 5he*e it ,ay e elie+ed that one o* ,o*e of the, could ha+e een in+ol+ed. #ornado7 #o*nadoes a*e tight colu,ns of ci*cling ai* c*eating a funnel shape. #he 5ind fo*ces 5ithin the to*nado can *each o+e* 200 ,iles pe* hou*. #o*nadoes can often t*a+el in excess of ?0 ,iles pe* hou*. #hey can cause significant st*uctu*al da,age and can also cause se+e*e in=u*ies and death. +ital ecords7 &ll data and info*,ation *eui*ed to suppo*t usiness functions :i.e.1 histo*ical1 *egulato*y *eui*e,ents including1 ut not li,ited to1 policy and p*ocedu*es ,anuals1 input docu,ents o* data1 ,anuals fo* soft5a*e and othe* applications1 +endo*Acusto,e* lists 5ith phone nu,e*s1 and ac4up tape files.; &dditionally1 these *eco*ds should e ,aintained offsite at a thi*d pa*ty +endo* o* co,,and cente*.
6
View more...
Comments
