Business Continuity Plan

If you need assistance in filling out any of this plan
Please contact Randy Jones at ext. 23868.

BUSINSS !"N#INUI#$
P%&N
'UI(%INS &N(
#)P%&#S


Int*oduction

#he Uni+e*sity of #exas )edical B*anch and its e,ployees ha+e faced ,any disaste*s -
f*o, the ./00 Sto*,1 the #exas !ity (isaste* of ./23 to hu**icanes !a*la in ./6.1 &licia
in ./831 and lastly hu**icane I4e in 2008. In o*de* to ,aintain ou* status as one of the
leading health ca*e institutions in the nation1 5e ,ust continue to 6e p*epa*ed fo* these
and othe* potential disaste*s.

#he onset of ho,eland te**o*is, in the United States1 coupled 5ith the 'ulf !oast7s
+ulne*a6ility fo* natu*al disaste*s ,a4e it essential fo* U#)B to ensu*e that plans a*e in
place1 tested t*ue1 and +ia6le1 should 5e find ou*sel+es in a th*eatening situation - 6e it
,an8,ade o* natu*al.

#he*efo*e1 in *esponse to these challenges and in align,ent 5ith the 9o,eland Secu*ity
&ct1 the #exas State Inf*ast*uctu*e P*otection !o,,ittee1 and State of #exas (epa*t,ent
of Info*,ation Resou*ces :(IR;1 Info*,ation Se*+ices at U#)B has 6een as4ed to
de+elop a ,odel Business !ontinuity Plan to assist you in de+eloping and testing 5o*4
plans fo* you* o5n a*eas. Ulti,ately1 you* plans should 6e st*uctu*ed to ,a4e it possi6le
to continue to do 6usiness and function du*ing and afte* 5hate+e* c*isis ,ay a*ise.

IS 5ill also identify *esou*ces and coo*dinate the p*ocess fo* de+eloping1 testing and
e+aluating these plans. !*itical functional a*eas ha+e 6een identified to pa*ticipate in this
p*ocess and 5ill continue to 6e add*essed on an ongoing 6asis. #his yea*7s plan c*eation
and testing 5ill include In+ision1 Signatu*e1 and PI!.

(e+eloping a Business !ontinuity Plan is a ,ulti8di,ensional p*ocess and includes a
nu,6e* of phases as p*esc*i6ed 6y the (IR. #hese phases include< P*o=ect Initiation1
Business I,pact &nalysis1 Reco+e*y St*ategies1 Plan (e+elop,ent1 #esting1 and
)aintenance > #*aining - all of 5hich 5ill 6e add*essed at U#)B.

It is i,pe*ati+e that each of ou* leade*s suppo*t and coope*ate in the de+elop,ent of the
plans that 5ill 4eep U#)B ope*ating th*ough the ,ost difficult of ti,es.
Executive Summary

&n xecuti+e Su,,a*y of the Business !ontinuity Plan 5ill need to 6e const*ucted.
#his 5ill 6e a 6*ief o+e*+ie5 of you* plan7s *eco+e*y st*ategy. #his should 6e done afte*
you ha+e co,pleted section fou* :2; of this te,plate.

**** Examples from other Plans
#a6le of !ontents

.. Organizational Information of Plan

... xecuti+e Sponso*

..2 #ea, %eade*

..3 B!P P*o=ect #ea,

..3.. Select and Notify B!P P*o=ect #ea, #e,plate

..3.2 )ission !*itical &cti+ities

..2 Plan &pp*o+al

..? P*o=ect Plan

2. Objectives and Deliverables

2.... P*o=ect "6=ecti+es and (eli+e*a6les

3. Business Impact Analysis and is! Analysis

3.... Business I,pact &nalysis

3.2.2 n+i*on,ental (isaste*s

3.2.3 "*gani@ed and A o* (eli6e*ate (is*uption

3.2.2 %oss of Utilities and Se*+ices

3.2.? Buip,ent o* Syste, Cailu*e

3.2.6 Se*ious Info*,ation Secu*ity Incidents

3.2.3 "the* ,e*gency Situations

2. Business Interruption ecovery Plans

2.. Bac4up1 Reco+e*y and Resu,ption St*ategy

2.... Bac4up1 Reco+e*y and Resu,ption St*ategy #e,plate

2.2 Cacilities > ssential Buip,ent Bac4up and Reco+e*y St*ategy

2.2.. Cacilities > ssential Buip,ent Bac4up and Reco+e*y St*ategy
#e,plate

2.3 (epa*t,ental and Uni+e*sity I# Syste,s Bac4up and Reco+e*y St*ategy

2.3.. (epa*t,ental and Uni+e*sity I# Syste,s Bac4up and Reco+e*y

St*ategy #e,plate

2.2 St*ategies fo* P*otecting Non8lect*onic !*itical andAo* Sensiti+e
(ocu,ents andAo* Reco*ds

2.? Dey Staff

2.?.. Dey Staff #e,plate

2.6 ,e*gency !ontact

2.3 !*itical Supplies

2.3.. !*itical Supplies #e,plate

2.8 !*itical Eendo*ASupplie* Info*,ation

2.8.. !*itical Eendo*ASupplie* Info*,ation #e,plate

?. Plan Education"#raining

?.. #*aining Needs &ssess,ent

?.... #*aining &ssess,ent #e,plate

?.2 #*aining !o,pleted

6. Plan #esting

3. Plan $aintenance

3.. #est !hanges fo* B!P

8. Post Incident evie%

/. &lossary

.0 Examples

.

... xecuti+e Sponso*

#he xecuti+e Sponso* is the (epa*t,ental Rep*esentati+e o* '*oup that has the
*esponsi6ility to ,a4e su*e that this c*itical function is deli+e*ed to the uni+e*sity.
#he*efo*e it is the *esponsi6ility of the xecuti+e Sponso* to ,a4e su*e that a Business
!ontinuity Plan is de+eloped1 ,aintained1 and tested.

#he xecuti+e Sponso* is *esponsi6le fo* the follo5ing<
I,ple,enting the tea,1
(e+eloping a Business !ontinuity Policy State,ent1
Re+ie5ing Ris4 &nalysis1
&pp*o+ing o+e*all plan content1
Re+ie5ing all testing outco,esF and1
Re+ie5ing any changes and ,aintenance to the plan.

eturn to #able of 'ontents

2

..2 #ea, %eade*

Co* a p*o=ect of this significance and co,plexity to 6e successful1 a suita6ly Bualified
#ea, %eade* 5ill need to 6e appointed. #he #ea, %eade* should possess good
leade*ship Bualities1 a good unde*standing of 6usiness p*ocesses and 6usiness
,anage,ent and st*ong p*o=ect ,anage,ent s4ills.

&n alte*nate #ea, %eade* should also 6e appointed 5ho 5ould 6e a6le to ta4e o+e* the
functions of the #ea, %eade* if needed.

It 5ill 6e the *esponsi6ility of the #ea, %eade* to ,a4e su*e the tea, is p*og*essing in
acco*dance 5ith the P*o=ect Plan guidelines1 gi+e *egula* status *epo*ts to the Business
!ontinuity Plan :B!P; Sponso*1 and o6tain app*o+al f*o, the Sponso* as needed.

3

..3 B!P P*o=ect #ea,

#he Business !ontinuity Plan :B!P; P*o=ect #ea, ,e,6e*s should 6e selectedF
pe*,ission o6tained fo* thei* in+ol+e,ent :if necessa*y;F and fo*,ally notified. ach of
the ,ain 6usiness and ope*ational a*eas 5ithin the o*gani@ation should 6e *ep*esented on
the B!P P*o=ect #ea,.

Rep*esentati+es f*o, each of the 4ey 6usiness a*eas should ha+e a co,p*ehensi+e
unde*standing of ho5 thei* o5n 6usiness a*ea functions1 in addition to an o+e*all
unde*standing of the o*gani@ation as a 5hole. ach a*ea *ep*esentati+e should 6e a6le to
6*ing to the B!P P*o=ect #ea, info*,ation on ho5 his o* he* o5n a*ea functions1 its 4ey
6usiness acti+ities o* suppo*t functions1 and its 4ey *is4 a*eas.


2

..3.. Select and Notify B!P P*o=ect #ea,

ach of the 6usiness and ope*ational a*eas 5ithin the o*gani@ation a*e to 6e *ep*esented
on the B!P P*o=ect #ea,. #he P*o=ect #ea, has o+e*all *esponsi6ility fo* the
de+elop,ent and ,aintenance of the Plan. )e,6e*s of the B!P P*o=ect #ea, a*e
cu**ently as follo5s<

B'P PO(E'# E)E'*#I+E
SPO,SO
(OB #I#-E A,D
DEPA#$E,#"DI+ISIO,
'O,#A'#
I,.O$A#IO,
/-ocation0 P1one0 Email0 Pager0 'ell P1one2

E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0
Pager0 'ell P1one2

&ny indi+idual *esponsi6ilities 5ithin P*o=ect #ea,<

B'P PO(E'# #EA$ -EADE (OB #I#-E A,D
DEPA#$E,#"DI+ISIO,
'O,#A'#
I,.O$A#IO,

E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0
Pager0 'ell P1one2

&ny indi+idual *esponsi6ilities 5ithin P*o=ect #ea, :i.e. Business Cunction o* P*ocess;<

B'P PO(E'# A-#E,A#E
#EA$ -EADE
(OB #I#-E A,D
DEPA#$E,#"DI+ISIO,
'O,#A'#
I,.O$A#IO,

E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0
Pager0 'ell P1one2

&ny indi+idual *esponsi6ilities 5ithin P*o=ect #ea, :i.e. Business Cunction o* p*ocess;<

?

B'P PO(E'# #EA$ $E$BE (OB #I#-E A,D
DEPA#$E,#"DI+ISIO,
'O,#A'#
I,.O$A#IO,

E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0
Pager0 'ell P1one2


B'P PO(E'# #EA$ $E$BE (OB #I#-E A,D
DEPA#$E,#"DI+ISIO,
'O,#A'#
I,.O$A#IO,

E$E&E,'3 'O,#A'# I,.O$A#IO, /4ome0
Pager0 'ell P1one2


&dd *o5s as needed

6

..3.2 )ission !*itical &cti+ities

#he follo5ing is a desc*ipti+e list of the o*gani@ation7s ,ission c*itical acti+ities andAo*
c*itical 6usiness p*ocesses1 togethe* 5ith a 6*ief desc*iption of the 6usiness p*ocess and
,ain dependencies.

5E3 B*SI,ESS AEA

BIE. DES'IP#IO, O.
B*SI,ESS PO'ESS
$AI, DEPE,DE,'IES

3

..2 Plan of &pp*o+al

P*ocedu*e fo* &pp*o+ing Business !ontinuity Plan :B!P; !ontent

#he*e ,ust 6e a clea* p*ocedu*e fo* adoption and app*o+al of the B!P. Updates and
changes to the plan should also 6e included in this p*ocess.

#he tea, should select f*o, the follo5ing possi6le app*o+al phases.

&ppoint,ent of B!P #ea, )e,6e*s
"+e*all Plan !ontent
#esting Plan "utco,es
!hangesA)aintenance to Plan


8

&pp*o+ing Business !ontinuity Plan :B!P !ontent;

B'P 'ontent Sent Date Approved
Date
'omments


/

..? P*o=ect Plan

#as! ,ame Duration Start .inis1 6
'omplete
Patient 'are Delivery Process
Phases
Begin - P*o=ect InitiationARis4 &nalysis 2 54s
Business Inte**uption Reco+e*y PlansASt*ategies 8 54s
&pp*o+al - xecuti+e Sponso* . 54s
#*aining > !o,,unication 2 54s
Ealidation > #esting 2 54s
Plan Updates > )aintenance . 54s
Gua*te*ly Re+ie5A#estingAPlan )odifications

.0

2.. "6=ecti+es and (eli+e*a6les

#he o6=ecti+es fo* the p*o=ect need to 6e clea*ly defined1 togethe* 5ith the deli+e*a6les.
!oncise definition 5ill ena6le the B!P P*o=ect #ea, to focus its effo*ts on the ,ost
i,po*tant issues and to ensu*e the 5o*4 unde*ta4en is *ele+ant in the context of the
o*iginal p*o=ect expectations. #he depa*t,ental B!P sponso* 5ould no*,ally app*o+e
these o6=ecti+es and deli+e*a6les.

Suggested Ho*ding fo* a Suita6le "6=ecti+e

#he p*o=ectIs p*inciple o6=ecti+e could 6e stated as<
"The development and testing of a well structured and coherent plan which will
enable the department / or function to recover as quickly and effectively as
possible from an unforeseen disaster or emergency which interrupts normal
business operations."

#he depa*t,ent A o* function could additionally ha+e a se*ies of su68o6=ecti+es 5hich
could co+e* issues such as speciali@ed *esea*ch and de+elop,ent acti+ities1 the need to
ensu*e that all e,ployees fully unde*stand thei* duties in i,ple,enting such a plan1 the
need to ensu*e that info*,ation secu*ity policies a*e adhe*ed to 5ithin all planned
acti+ities o* the need to ensu*e that the p*oposed contingency a**ange,ents a*e cost
effecti+e.

Suggested Ho*ding fo* a Suita6le %ist of (eli+e*a6les

#he deli+e*a6les1 in outline1 should consist of<

Business Ris4 and I,pact &nalysis
(ocu,ented acti+ities necessa*y to p*epa*e the depa*t,ent A o* function fo* possi6le
e,e*gencies :including st*ategic *eco+e*y ,easu*es;
(etailed acti+ities fo* dealing 5ith the (isaste* Reco+e*y Phase
P*ocedu*e fo* ,anaging the Business Reco+e*y P*ocess
Plan fo* testing the Business Reco+e*y P*ocess
Plan fo* t*aining the staff in the Business Reco+e*y P*ocess
P*ocedu*e fo* 4eeping the Plan updated
*** Examples from other Plans
..

2.... P*o=ect "6=ecti+es and (eli+e*a6les

#o ena6le the B!P P*o=ect #ea, to focus effo*ts on the 4ey issues1 and to ensu*e the
5o*4 unde*ta4en is *ele+ant to the *eBui*e,ents of the p*o=ect1 the p*o=ectIs o6=ecti+es
and deli+e*a6les ,ust 6e clea*ly defined. #he (epa*t,ent A xecuti+e Sponso* is
*esponsi6le fo* app*o+al of o6=ecti+es and deli+e*a6les.

OB(E'#I+ES O. B'P PO(E'#7

)ain o6=ecti+e of B!P P*o=ect<

Su68o6=ecti+es of the B!P P*o=ect<

DE-I+EAB-ES O. B'P PO(E'#7

.2

3.. Business I,pact &nalysis

#he pu*pose of the Institutional Business I,pact &nalysis :BI&; is to assist executi+e leade*ship
in dete*,ining the pe*cei+ed c*iticality of disc*ete U#)B 6usiness unit entities.

Ideally the BI& should facilitate the high le+el identification of<
!o,,unity i,pacts
"pe*ational i,pacts
Cinancial i,pacts
Regulato*y i,pacts
&cc*editation i,pacts
P*ocess inte*dependencies
(ata sensiti+ity
(o5nti,e tole*ance
Reco+e*y co,plexity
#echnology dependencies

Cu*the*1 the agg*egated *esults of the Institutional BI& 5ill ulti,ately define p*o=ect scope fo* a
su6seBuent1 ,o*e *igo*ous e+aluation of associated se*+ices and 5o*4 p*oduct. 9ence1 please
co,plete all Buestions and p*o+ide as ,uch info*,ation as possi6le to ensu*e 4ey data ele,ents
a*e not ,issed.

NOTE !ee footnote below for e"amples of the term department

.. (epa*t,ent #as per $%! four digit Org &'(

2. (epa*t,ent &lign,ent :as per E"ecutive )evel %eporting !tructure;<
# ( 'epartment within *usiness +nit
#i.e,. $O-. is a department within !upport !ervices/ a business unit within *usiness
-dministration(
# ( *usiness +nit within Entity
#i.e., !upport !ervices is a *usiness +nit within *usiness -dministration/ an entity(

3. (esc*iption of (epa*t,ent<
#0hat are your department1s primary functions and processes2 0hat services does the
department provide the +niversity2(

.3
2. P*ocess "utput<
#0hat primary services, work products or information created/provided is made available
by your department2 )ist 3 of the most important.

?. P*ocess Input<
#0hat primary services/resources does your department rely on to perform its activities2
i.e., &nformation Technology/software, special equipment information, etc. )ist up to five.(

6. #he loss of these se*+icesA*esou*ces 5ould ha+e the follo5ing cu,ulati+e effect on entity
function and p*ocesses<

: ; Significant ha*, o* effect
#i.e., entity/department could supply some services/resources to the university but in
such a diminished capacity that services would be unacceptable(
: ; )ode*ate ha*, o* effect
#i.e., entity/department could supply services/resources in a diminished but acceptable
capacity to the university(
: ; )ini,al ha*, o* effect
#i.e., entity/department could supply services/resources to the university in a 4somewhat
normal5 capacity by altering processes or procedures(
: ; No ha*, o* effect
#i.e., entity/department could to supply services/resources in a normal manner to the university(

.2
3. #he loss of you* depa*t,ent 5ould affect the follo5ing 6*eadth of ha*,< :chec4 all that
apply;

: ; Potential endange*,ent to pu6lic health o* safety
#i.e., the state, community, or any subset of population served. This would include
patient, student, and staff health or safety(
: ; &d+e*sely i,pact 6usiness1 o* o*gani@ation1 state agency1 office1 co,,ission1 6oa*d1
uni+e*sity1 institution1 cente*1 p*og*a,1 o* othe* entity exte*nal to U#)B
#i.e., would adversely impact outside entities e"ternal to +T.*/ i.e., partnerships with
other universities, research that supports other businesses, etc(
: ; &d+e*sely i,pact U#)B only
#i.e., would only impact +T.*1s service level or integrity/reputation(
: ; No ha*, o* effect
:i.e.1 entityAdepa*t,ent could supply se*+icesA*esou*ces in a no*,al ,anne* to the
uni+e*sity;

8. #he loss of you* depa*t,ent 5ould ha+e the follo5ing effect on U#)B ,issions :select one;<

: ; )ino* effect on one di+ision o* 6usiness unit
#the loss of your department would be an inconvenience to one department or business
unit of the university.(
: ; )ino* effect on the institution1 so,e di+isions1 o* 6usiness units
#the loss of your department would be an inconvenience to several divisions or
business units of the university(
: ; )ode*ate effect on so,e di+isions o* 6usiness units
#the loss of your department would cause some divisions to change procedures
and the way their business functions are supplied to the university(
: ; )ode*ate effect on the institution
#the loss of your department would cause the university to alter the way they supply
normal delivery processes(
: ; !atast*ophic effect on one di+ision o* 6usiness unit
#the loss of your department would cause seriously affect one division/business unit1s
the inability to provide normal services to the university(
: ; !atast*ophic effect on the institution1 so,e di+isions1 o* 6usiness units
#the loss of your department would significantly impact normal services provided by
the university.(

.?
/. !ould this function 6e pe*fo*,ed fo* a pe*iod of ti,e at a *educed ope*ating efficiencyJ
#i.e., degraded performance such as manual versus automated process(

If yes1 fo* ho5 longJ
# ( )ess than 67 hours
# ( +p to 8 to 3 days
# ( 9reater than 3 days
# ( 9reater than 6 weeks
&dditional co,,entsJ

.0. 9o5 long could you* depa*t,ent 6e completely idle /i8e80 totally lost2 6efo*e it
expe*iences o* c*eates a significant ad+e*se i,pactJ
#i.e., 4totally lost5 cannot perform its functions in any capacity for any reason(
# ( )ess than 67 hours
# ( +p to 8 to 3 days
# ( 9reater than 3 days
# ( 9reater than 6 weeks

&dditional co,,entsJ

... 9o5 long can the depa*t,ent continue to function 5ithout its usual auto,ated
info*,ation syste,s eithe* depa*t,ental o* cent*ali@ed U#)B syste,sJ
:&ssu,e that loss of these syste,s occu*s du*ing the busiest0 or pea!0 %or! period82

/ 2
%ess than 22 hou*s

#Operation of the 'epartment has an e"treme reliance on information system and
requires immediate disaster recovery plans, which have been tested, for the
replacement/access to either internal or centrally supported systems.
/ 2
Up to 3 to ? days

#The department has a significant dependence on information systems. - ma:or
interruption of service delivery would occur if information systems were unavailable
for 8 to 3 days.
/ 2
Up to 2 5ee4s

#The 'epartment has a minimal reliance on information systems and, could function
in a manual mode for up to two weeks at an acceptable service level.(
/ 2
)o*e than 2 5ee4s

#The 'epartment process/procedures are not dependent upon information systems and
can be accomplished in a manual mode for an e"tended period of time until systems
become available with no impact to service delivery.(

.6
.2. In the e+ent of a significant outage o* dis*uption1 5hen is the se+e*ity of i,pact ,o*e
significantJ
#i.e., if an outage occurs, are some months worse than others2 some days2 some hours2(

!hec4 all that apply
/ 2
some months versus others
/ 2
some days of the week versus others
/ 2
certain times of the day
/ 2
certain times of the year

#particular week of the month, month/quarter end, fiscal year end, etc.(
/ 2
no particular timing of an event is significantly greater than another

.3. C*o, the list of exposu*es 6elo51 please indicate the *elati+e i,po*tance of each type
to the institution using the *ating scale of 0 to .01 fo* the specific depa*t,ent.

&lso using the scale of 0 to 21 indicate the se+e*ity of each i,pact and ho5 it 5ould
escalate o+e* ti,e if the depa*t,ent 5as not a6le to function.

Exposure type elative
Importance Scale
9:;9

0 K no i,po*tance
? K ,ode*ate i,po*tance
.0K ext*e,e i,po*tance
Impact Severity Scale
9 < =
0 K no i,pact
. K little i,pact
2 K so,e i,pact
3 K significant i,pact
2 K se+e*e i,pact

-ess t1an
>= 1ours
*p to ? to @
days
&reater
t1an @
days
&reater
t1an >
%ee!s
-oss of revenue"cas1 flo%
#'oes your department create
revenue/cash flow to the university2(

-ost discounts
#0ould the loss of your department
create lost discounts2(

-ost interest earned
#&f your department earns
revenue/cash flow, would the loss of it
also create lost interest earned2(

'ontractual fines"penalty
#'oes your department perform
contract work2 0ould there be fines
or penalties, associated with not
being able to fulfill these contracts2(

.ailure to deliver
services"%or! product
result in failure to deliver
services/work product to anyone2(

.3

Importance Scale
9:;9

0 K no i,po*tance
9 < =
0 K no i,pact
. K little i,pact
2 K so,e i,pact
2 K se+e*e i,pact
-ess t1an
>= 1ours
*p to ? to @
days
&reater
t1an @
days
&reater
t1an >
%ee!s
-oss of customers"reduced
mar!et s1are"lost
opportunity
result in the loss of customers ;i.e.
patients, students, research, etc< or
the loss of market share or lost
opportunity2(

Interest incurred
result in some type of interest being
incurred2(

Additional costs to recover
require additional cost from
acquisition of outside services,
temporary employees, emergency
purchases, rental/lease fees, wages
paid to idle staff, relocation e"penses,
capital outlays, etc2(

-iability"potential litigation
#0ould the loss of your
department/function result in liability
or potential litigation2(

egulatory or non:
compliance violations
violate regulatory practices resulting
in the division/university being non=
compliant2(

Accreditation jeopardy or
violations
:eopardi>e any institutional
accreditation or violate terms of that
accreditation2(

.8
.2. "pe*ational I,pacts :those i,pacts that a*e difficult to Buantify ,oneta*ily 6ut can ha+e a
significant1 long8te*, effect on the institution - use sa,e scale as Buestion .3;<

Importance Scale
9:;9

0 K no i,po*tance
9 < =
0 K no i,pact
. K little i,pact
2 K so,e i,pact
2 K se+e*e i,pact

-ess t1an
>= 1ours
*p to ?
to @ days
&reater
t1an @
days
&reater
t1an >
%ee!s
!o,petiti+e &d+antage
!onsu,e* !onfidence
Repo*ting ReBui*e,ents
,ployee )o*ale
!usto,e* Se*+ice
Staff Retention
Eendo* Relations
Ho*4 Bac4log

.?. #he loss of you* depa*t,ent 5ould *esult in lost revenue"cas1 flo% f*o, fees1 collections1
inte*est1 penalties1 gifts1 g*ants1 etc. andAo* di,inish the depa*t,ent7s cost a+oidance capacity
:i.e.1 fines1 penalties1 litigation1 etc.;

(u*ing the indicated ti,e after t1e disaster1 the loss 5ould 6e<

#ime .rame
)ess than 67
hours
?@3AAB @3AAB=@C. L.)8L?) L?)8
L.0)
ML.0)
+p to 8 to 3 days ?@3AAB @3AAB=@C. L.)8L?) L?)8
L.0)
ML.0)
9reater than 3
days
?@3AAB @3AAB=@C. L.)8L?) L?)8
L.0)
ML.0)
'*eate* than 2
5ee4s
NL?00D @3AAB=@C. L.)8L?) L?)8
L.0)
ML.0)

.6. #otal annual *e+enue fo* you* depa*t,ent<

# ( None
# ( ?@CAAB
# ( @CAAB=@3AAB
# ( @3AAB=@C.
# ( @C.=@3.
# ( @3.=@CA.
# ( @CA.=@63.
# ( D@63.

./
.3. #otal annual 6udgeta*y funding fo* you* depa*t,ent<

# ( ?@CAAB
# ( @CAAB=@3AAB
# ( @3AAB=@C.
# ( @C.=@3.
# ( @3.=@CA.
# ( @CA.=@63.
# ( D@63.

.8. Based upon you* expe*iences and 4no5ledge of you* en+i*on,ent1 select the state,ent that
6est *eflects the vulnerability of you* depa*t,ent to a p*olonged dis*uption o* outage.
#Eulnerability can be related to availability of its technology infrastructure, speciali>ed or unique
equipment, or any other limiting factor.(

: ; Not +ulne*a6le
#No known factors that would cause a prolonged outage.(
: ; So,e5hat +ulne*a6le
#There are some factors present that may cause a prolonged outage. E"perience
indicates a low likelihood of occurrence.(
: ; Eulne*a6le
#There are factors present that may cause a prolonged outage. E"perience
indicates a medium likelihood of occurrence.(
: ; xt*e,ely +ulne*a6le
#There are multiple factors present that may cause a prolonged outage. E"perience
indicates a high likelihood of occurrence.(

./. #he *esto*ation co,plexity of a depa*t,ent is the *elati+e ,easu*e of ho5 difficult it 5ould
6e to *eco+e* the depa*t,ent to an accepta6le le+el of se*+ice follo5ing a significant dis*uption.
:!o,plexity can 6e *elated to a+aila6ility of its technology inf*ast*uctu*e1 speciali@ed o* uniBue
eBuip,ent1 o* any othe* li,iting facto*.; Please *ate the co,plexity of you* depa*t,ent using the
follo5ing definitions.

: ; asily *eco+e*a6le
#-ssumes an alternate location and required information and/or data from off=
premise storage.(
: ; So,e5hat *eco+e*a6le
#!ome information or elements may be difficult to replace in a reasonable
timeframe.(
: ; (ifficult to *eco+e*
#.any of the elements of your department may be difficult to replace in a
reasonable timeframe.(
: ; xt*e,ely difficult to *eco+e*
#There are elements that would be e"tremely difficult to replicate or the timeframe is
e"tremely long.(
20. (oes you* depa*t,ent c*eate1 p*ocess1 ,anage1 o* sto*e identifia6le *eco*ds on pe*sons
*elati+e to confidentiality o* p*i+acyJ :chec4 all that apply;

: ; Info*,ation *elating to che,ical o* 6iological agents
20
: ; P*otected patient data
#i.e., F&G-- implications(
: ; P*otected student data
#i.e., $E%G- implications(
: ; Pe*sonal I(
#i.e., social security numbers, employee numbers, drivers license numbers,
credit card numbers, etc.(
: ; "the* pe*sonal data
#i.e., physical addresses, phone numbers, pager numbers, email addresses, etc.(
: ; None

2.. (oes you* depa*t,ent c*eate1 p*ocess1 ,anage1 o* sto*e info*,ation that 5ould 6e of
co,,e*cial +alue to pa*ties exte*nal to U#)BJ :chec4 all that apply;

: ; Sensiti+e info*,ation
#i.e. proprietary and/or research data, employee data, etc.(
: ; !onfidential Info*,ation
#i.e. patient data, student data, social security numbers, etc.(
: ; "pe*ational Info*,ation
#i.e., vendor list, contact information, business strategic plans, etc.(

22. %ist and 6*iefly desc*i6e additional depa*t,ental facto*s1 issues o* conce*ns not
add*essed in this su*+ey 5hich should 6e conside*ed 5hen e+aluating the i,pact of the
loss of this 6usiness unit depa*t,ent. &lso1 please list additional ite,s you 5ould
conside* i,po*tant fo* the de+elop,ent of *eco+e*y st*ategies and plans fo* you*
depa*t,ent.

(epa*t,ent Point of !ontact<
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

(ate< OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

#han4 you fo* you* ti,e and effo*t in co,pleting this su*+ey.
2.

3.2.. Ris4 &nalysis

#he B!P P*o=ect #ea, 5ill exa,ine each potential en+i*on,ental disaste* o* e,e*gency
situation including1 6ut not li,ited to1 o*gani@ed dis*uption :i.e. hu,an cause;F loss of
utilities and se*+ices dis*uptionF eBuip,ent o* syste, failu*eF se*ious info*,ation secu*ity
incidentsF and any othe* dis*uption caused 6y othe* e,e*gency situations not al*eady
co+e*ed.

ach of the a6o+e potential th*eats1 as 5ell as any othe*s that ,ight 6e uniBue to the
indi+idual depa*t,ent o* function1 ,ust 6e exa,ined in detail and an analysis de+eloped
to e+aluate the conseBuences of each. ach scena*io should also 6e assessed fo*
possi6ility o* occu**ence :p*o6a6ility *ating;1 possi6le i,pact :i,pact *ating; and any
co,pensating cont*ols that a*e in place. !o,pensating !ont*ols a*e inte*nal cont*ols that
co,pensate fo* *is4.

POBABI-I#3 A#I,& I$PA'# A#I,&
S'OE -E+E- S'OE -E+E-
. ER$ %"H . IRRI#&#IN'
2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (E&S#&#IN'
? ER$ 9I'9 ? #R)IN&%

.ormula for calculating potential ris!7

P*o6a6ility Rating x I,pact Rating K Ris4

Scale of Ris4

. N .3 N 2?
%o5 Ris4 )ode*ate Ris4 9igh Ris4


22

3.2.2 n+i*on,ental (isaste*s

#he B!P P*o=ect #ea, has exa,ined each potential en+i*on,ental disaste* o* e,e*gency situation. #he focus in this section1 is on
the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.

Potential en+i*on,ental disaste*s ha+e 6een assessed as follo5s<

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.
'O$PE,SA#I,& 'O,#O-S

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
PO#E,#IA- 'O,SED*E,'ES
9u**icane

#o*nado

Clood

lect*ical Sto*,s

Ci*e

C*ee@ing
!onditions

23

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
!onta,ination
and
n+i*on,ental
9a@a*ds

pide,ic

#+se cut and paste facility to add further entries(

2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (E&S#&#IN'
? ER$ 9I'9 ? #R)IN&%

PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent.

22

3.2.3 "*gani@ed and A o* (eli6e*ate (is*uption

#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, Qo*gani@ed dis*uptionR. #he focus
in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.

Potential disaste*s *esulting f*o, Io*gani@ed dis*uptionI ha+e 6een assessed as follo5s<

PO#E,#IA- DISAS#E POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
&cts of #e**o*is,

&cts of Sa6otage

&ct of Ha*

#heft

2?

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
&*son


2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (E&S#&#IN'
? ER$ 9I'9 ? #R)IN&%



26

3.2.2 %oss of Utilities and Se*+ices

#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, loss of utilities and se*+ices. #he
focus in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.

Potential disaste*s as a *esult of loss of utilities and se*+ices ha+e 6een assessed as follo5s<

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
lect*ical Po5e*

%oss of 'as
Supply

%oss of Hate*
Supply

Pet*oleu, and "il
Sho*tage

!o,,unications
Se*+ices
B*ea4do5n

23

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
%oss of
(*ainageAHaste
Re,o+al


2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (E&S#&#IN'
? ER$ 9I'9 ? #R)IN&%


28

3.2.? Buip,ent o* Syste, Cailu*e

#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, eBuip,ent o* syste, failu*e. #he
focus in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.

Potential disaste*s as a *esult of eBuip,ent o* syste, failu*e ha+e 6een assessed as follo5s<

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
Inte*nal Po5e*
Cailu*e

&i* !onditioning
Cailu*e

2/

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
Buip,ent
Cailu*e
:excluding I#
ha*d5a*e;


2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (E&S#&#IN'
? ER$ 9I'9 ? #R)IN&%


30

3.2.6 Se*ious Info*,ation Secu*ity Incidents

#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, se*ious info*,ation secu*ity
incidents. #he focus in this section is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.

Potential disaste*s as a *esult of se*ious Info*,ation Secu*ity incidents ha+e 6een assessed as follo5s<

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
!y6e* !*i,e

%oss of Reco*ds
o* (ata

(isclosu*e of
Sensiti+e
Info*,ation

3.

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
I# Syste, Cailu*e

2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (E&S#&#IN'
? ER$ 9I'9 ? #R)IN&%



32

3.2.3 "the* ,e*gency Situations

#he B!P P*o=ect #ea, has exa,ined each potential disaste* *esulting f*o, othe* e,e*gency situations. #he focus in this section is on
the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.

"the* potential e,e*gency situations ha+e 6een assessed as follo5s<

PO#E,#IA-
DISAS#E
POBABI-I#3
A#I,&
/SEE #AB-E
BE-OA2
BIE. DES'IP#IO, O.

BI$PA'#
A#I,&
/SEE #AB-E
BE-OA2
IS5
A#I,&
POBABI-I#3 x
I$PA'# C
BIE. DES'IP#IO, O.
Ho*4place
Eiolence

Neigh6o*hood
9a@a*ds

Island &ccessi6le

2 %"H 2 !"N#R"%%&B%
3 )(IU) 3 !RI#I!&%
2 9I'9 2 (EIS#&#IN'
? ER$ 9I'9 ? #R)IN&%

33
2.. Bac48Up1 Reco+e*y and Resu,ption St*ategies

#his section of the Plan should contain a list of the 4ey ad,inist*ation and ope*ational
p*ocesses 5ith an indication of the c*iticality of the p*ocess 5ithin the dis*uption pe*iod.

It is necessa*y to esta6lish standa*d ti,e86ands fo* ,easu*ing pe*iods 5hen1 du*ing an
e,e*gency1 no*,al 6usiness se*+ices could 6eco,e una+aila6le. #hese ti,e86ands a*e
then applied to each 4ey 6usiness p*ocess and an assess,ent ,ade of the financial and
ope*ational i,pact fo* outages.

U#)B has esta6lished th*ee ti,e86ands fo* add*essing alte*nati+e p*ocedu*es.

ScheduledA&nticipated "utage - this option assu,es that co,,unication as 6een
,ade to all depa*t,ents that do5nti,e 5ill occu* at a p*e8posted data and ti,e
du*ation :this is dete*,ined 6y the depa*t,ent;.

Unscheduled "utage - Sho*t (u*ation - this option assu,es that the*e is a se*+ice
inte**uption1 6ut is p*o=ected to 6e of a sho*t8te*, du*ation :this is dete*,ined 6y
the depa*t,ent;.

Unscheduled "utage - %ong (u*ation - this option assu,es that the*e is a se*+ice
inte**uption1 due to syste,s o* facilities1 fo* an extended pe*iod of ti,e :this is
dete*,ined 6y the depa*t,ent;.

Identify the potential dis*uption and i,pact to each of these p*ocesses. &dditionally
identify alte*nati+e ,ethods of handling each of these acti+ities. )anual 6ac4 up
p*ocedu*es 5ill 6e de+eloped fo* &d,inist*ation and "pe*ations functions as these a*e
usually *elati+ely easy to i,ple,ent 5hen I# syste,s a*e not a+aila6le. #hese can often
6e suppo*ted 6y 6usiness o* office soft5a*e p*o+iding sp*eadsheet1 data6ase and 5o*d
p*ocessing capa6ilities.

#o *esu,e no*,al ope*ations it is essential to plan fo* the potentially co,plex acti+ities
necessa*y to co,plete you* *eco+e*y p*ocess. "nce the e,e*gency is o+e*1 you ,ay need
to t*ansition f*o, a ,anual p*ocess 6ac4 to an elect*onic p*ocess. #his ,ay in+ol+e
extensi+e data ent*y and *econciling of data. In o*de* fo* this p*ocess to 6e effecti+e1 it
,ust 6e ca*efully planned and st*uctu*ed. Resu,ption St*ategy contains the fo*,at fo*
*eco*ding acti+ities1 5hich need to 6e1 ca**ied out in p*io*ity seBuence and 5hich pe*son
o* tea,s a*e *esponsi6le fo* co,pleting those tas4s. Hhe*e supplies and +endo*s a*e
*eBui*ed to supply goods o* se*+ices1 as pa*t of the *esu,ption p*ocess then these
acti+ities 5ill 6e in+ol+ed.

32

2.... Bac48Up1 Reco+e*y and Resu,ption St*ategies

Identify each essential acti+ity1 along 5ith its potential dis*uption and i,pact of each p*ocess. &dditionally identify alte*nati+e
,ethods of handling each of these acti+ities along 5ith *esu,ption p*ocedu*es fo* *esu,ing no*,al ope*ations. ach acti+ity 5ill
ha+e a sepa*ate g*id.

ESSE,#IA-
A'#I+I#IES
S'4ED*-ED"A,#I'IPA#ED
O*#A&E
&enerally E /#ime .rameFF2
*,S'4ED*-ED O*#A&E <
S1ort Duration
E /#ime .rameFF2
*,S'4ED*-ED O*#A&E:
-ong Duration
G /#ime .rameFF2
:Na,e &cti+ity
9e*e;

Potential Disruption

Potential Impact7

ecovery Strategy

esumption Strategy

3?

2.2 Cacilities and ssential Buip,ent Bac48Up and
Reco+e*y St*ategies

)any unexpected e+ents can affect facilities and essential eBuip,ent that a*e +ital to
continuation of no*,al 6usiness acti+ities. #hese include fi*e1 flood1 hu**icane1 te**o*ist
acti+ity1 etc. #he #ea, ,ust the*efo*e de+elop a plan of ho5 to continue to p*o+ide
6usiness se*+ices to its custo,e*s in the e+ent of a disaste*1 5hich affects eithe* its
facilities o* essential eBuip,ent.

He *eco,,end that each depa*t,ent contact and 5o*4 5ith Cacilities "pe*ations and
)anage,ent :20/833283?00; to o6tain alte*nati+e locations fo* conducting you* 6usiness
functions.

#his section of the Business !ontinuity Plan :B!P; 5ill contain details of such
a**ange,ents and an esti,ate of potential costs.

36

2.2.. Cacilities and ssential Buip,ent Bac48Up and Reco+e*y
St*ategies

)any unexpected e+ents can affect facilities and essential eBuip,ent +ital to the
continuation of no*,al 6usiness acti+ities. #his plan has the*efo*e 6een de+eloped to
ensu*e a continued se*+ice to custo,e*s in the e+ent of a disaste* affecting eithe* the
depa*t,ent7s A o* function7s facilities o* its essential eBuip,ent.

#he depa*t,ent7s A o* function7s 6ac48up and continuity st*ategies fo* its facilities and
essential eBuip,ent a*e as follo5s.

;8 .A'I-I#IES

,A$E O. .A'I-I#IES A&EED BA'5:*P A,D 'O,#I,*I#3 S#A#E&3


>8 ESSE,#IA- ED*IP$E,#

,A$E O. ED*IP$E,# DES'IP#IO, O.
ED*IP$E,#
-O'A#IO, 'OS# ES#I$A#E #O
EP-A'E

&g*eed Bac48up !ontinuity St*ategy

33

,A$E O. ED*IP$E,# DES'IP#IO, O.
ED*IP$E,#
-O'A#IO, 'OS# ES#I$A#E #O
EP-A'E

&g*eed Bac48up !ontinuity St*ategy


38

2.3 (epa*t,ental and Uni+e*sity I# Syste,s Bac48Up and
Reco+e*y St*ategies

In 'ene*al one of the ,ost i,po*tant aspects of Business !ontinuity Planning fo* the
,a=o*ity of depa*t,ents o* functions is in choosing an app*op*iate st*ategy fo* the 6ac48
up and *eco+e*y of the I#8 6ased syste,s.

In this section of the Plan1 the 4ey 6usiness p*ocesses a*e ,atched against the I# syste,
and an app*op*iate ti,e f*a,e to co,plete *eco+e*y is chosen. #his section ,ay *eBui*e
in8depth *esea*ch to dete*,ine the *ele+ant costs of each st*ategy. It ,ay also 6e
necessa*y to p*epa*e a detailed ReBuest fo* P*oposal fo* +endo*s to esta6lish the +ia6ility
and cost of the p*efe**ed st*ategic app*oach.

!onside*ation should also 6e gi+en to the i,pact of potential se+e*e da,age to 6oth
facilities and co,,unication7s syste,s1 5hich could ha+e a significant i,pact on the
depa*t,ent7s Ao* function7s I#1 se*+ices and syste,s.

3/

2.3.. (epa*t,ental and Uni+e*sity I# Syste,s Bac48Up and
Reco+e*y St*ategies

"ne of the ,ost i,po*tant aspects of Business !ontinuity Planning is choosing of an
app*op*iate st*ategy fo* the 6ac48up and *eco+e*y of I#8 6ased syste,s. !onside*ation
has 6een gi+en to the i,pact on the depa*t,ent A o* function7s I# syste,s of potential
se+e*e da,age to facilities o* co,,unications syste,s.

& su,,a*y of the (epa*t,ental I# syste,s and the ag*eed 6ac48up st*ategy a*e listed
6elo5. ach depa*t,ent syste,s 5ill also need to de+elop disaste* *eco+e*yA*esto*ation
p*ocedu*es. :see exa,ple of U#)B Info*,ation Se*+ices disaste* *eco+e*y
docu,entation;

,A$E O. I# S3S#E$ E'O+E3
#I$E
ED*IED
5E3 B*SI,ESS PO'ESS
S*PPO#ED
PO#E,#IA- I$PA'#

IS S$S#) B&!D( UPJ 9"H "C#N IS S$S#) B&!D( UPJ H9R &R B&!DUP #&PS DP#J ("S #9IS S$S#) 9&E
EI#&% %!#R"NI! R!"R(S &N(A"R (&#&<

&'R( B&!D8UP S#R&#'$< :Hhat is you* st*ategy if syste, is not a+aila6leJ;

PRS"N RSP"NSIB% C"R S$S#) :i.e. ,aintenance1
6ac4up1 *esto*ation;

&%#RN&# PRS"N RSP"NSIB% C"R S$S#)

IS S$S#) B&!D( UPJ 9"H "C#N IS S$S#) B&!D( UPJ H9R &R B&!DUP #&PS DP#J

&'R( B&!D8UP S#R&#'$< :Hhat is you* st*ategy if syste, is not a+aila6leJ;

PRS"N RSP"NSIB% C"R S$S#) :i.e. ,aintenance1
6ac4up1 *esto*ation;

&%#RN&# PRS"N RSP"NSIB% C"R S$S#)

20
& su,,a*y of the Uni+e*sity cent*ali@ed I# Syste,sA&pplications1 5hich suppo*t
depa*t,ent functions1 and the Info*,ation Se*+ices contact info*,ation. #&t is
&nformation !ervices responsibility to establish back=up strategy for the &T !ystem listed
below(

,A$E O. I# S3S#E$ 5E3 B*SI,ESS PO'ESS
S*PPO#ED
PO#E,#IA- I$PA'#

!a,pus (ata Net5o*4
!onnecti+ity fo* data
accessAexchange f*o,
all se*+e*s on the
ca,pus.
Ina6ility to accessAp*ocess data
filed on any se*+e* on the
ca,pus.
IS 'O,#A'# I,.O$A#IO,H
IS 9elp (es4 - ext 2?200

,A$E O. I# S3S#E$ 5E3 B*SI,ESS PO'ESS
S*PPO#ED
PO#E,#IA- I$PA'#

IS 'O,#A'# I,.O$A#IO,7

2.

2.2 St*ategies fo* P*otecting Non8lect*onic !*itical andAo* Sensiti+e
(ocu,ents andAo* Reco*ds

#he B!P P*o=ect #ea, has assessed 6oth elect*onic *eco*ds and pape* 6ased *eco*ds
listed 6elo5 as 6eing +ital andAo* sensiti+e to the o*gani@ations 6usiness acti+ities.
St*ategies fo* p*otecting and *eco+e*ing these docu,ents ha+e 6een *e+ie5ed and a*e
docu,ented 6elo5.

Na,e of
(ocu,entAReco*d
B*ief (esc*iption (oes this docu,ent
hold confidential o*
sensiti+e info*,ation
:5hat type;
%ocation 9eld

Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<

Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,ageJ

Na,e of
(ocu,entAReco*d
:5hat type;
%ocation 9eld



22

Na,e of
(ocu,entAReco*d
:5hat type;
%ocation 9eld



23

2.? Dey Staff

,ployees a*e an i,po*tant and +alua6le assets 5ho in an e,e*gency 5ill assist
depa*t,ent A o* function in a Buic4 *eco+e*y. )ain supplie*s of c*itical goods and
se*+ices a*e also essential to continue to suppo*t *eco+e*y of 6usiness ope*ations to
no*,al ope*ating ,ode.

$ou* (isaste* Reco+e*y Plan and B!P 5ill *ely p*incipally on 4ey ,e,6e*s of
,anage,ent and staff 5ho 5ill p*o+ide the technical and ,anage,ent s4ills necessa*y to
achie+e a s,ooth 6usiness *eco+e*y p*ocess. #hese 4ey ,e,6e*s of ,anage,ent o* staff
5ill 6e selected and *esponsi6le fo* the i,ple,entation of the B!P in the e+ent of an
e,e*gency. & 5ell8o*gani@ed and st*uctu*ed app*oach 5ill *educe the potential fo* the
unexpected c*isis to 6eco,e un,anagea6le.

#his info*,ation is fo* depa*t,ental use and 5ill not 6e gene*ally dist*i6uted.


22

2.?.. Dey Pe*sonnel

Hhen an e,e*gency occu*s it is necessa*y to ha+e access to all 4ey pe*sonnel fo* the
functional a*eas and syste,s affected 6y the c*isis. #his info*,ation should 6e ,ade
a+aila6le to the B!P *eco+e*y tea,s and should 6e constantly updated.

#his section of the B!P 5ill contain a list of 4ey pe*sonnel1 thei* position1 functional
a*ea1 and p*ocedu*es o* syste,s fo* 5hich they a*e *esponsi6le. #his section 5ill also
include no*,al and e,e*gency contact info*,ation. #his info*,ation is fo* depa*t,ental
use and 5ill not 6e gene*ally dist*i6uted.

(ue to changes in pe*sonnel :i.e. att*ition1 ,o+es1 etc it is *eco,,ended that this 6e
tested and updated at least Bua*te*ly.;

,A$E
DI+ISIO,"
DEPA#$E,#
.*,'#IO, O PO'ESS
.O A4I'4 ESPO,SIB-E
O..I'E E)#8
E$E&E,'3 'O,#A'# DE#AI-S
/4ome0 Pager0 'ell P1one2

eturn to #able of 'ontents -ast evisionIIIIIIIIIIIIIIIIII
2?

2.6 ,e*gency !ontact Info*,ation

E)#E,A- E$E&E,'3 'O,#A'# ,*$BES

Police1 Ci*e and &,6ulance /..
U#)B ,e*gency &le*t %ine - :20/; 338&le*t :3328??38;
#oll C*ee .888883328?22/
U#)B !a,pus "pe*ato* :20/; 3328.0..

I,#E,A- E$E&E,'3 'O,#A'# ,*$BES

&dd nu,6e*s as needed.

U#)B P"%I! 2....
U#)B CIR %IN 2.2..
"ffice of Uni+e*sity
&d+ance,ent :call the, fo*
,edia co,,unication;
226.8
C&!I%I#IS
)&IN#N&N!
2.?86
P"IS"N !"N#R"%
!N#R
80083628366.

%%%8utmb8edu"alert
%%%8utsystem8edu"utmb"alert81tm

26

2.3 !*itical Supplies

It is necessa*y to p*epa*e fo* e,e*gencies 5he*e the depa*t,ent7s supplies ,ay 6e
dest*oyed o* uno6taina6le th*ough usual sou*ces. Such an occu**ence could1 fo* exa,ple1
6e caused th*ough fi*e o* flood da,age.

#he depa*t,ent A o* function should decide on a suita6le st*ategy to deal 5ith this
situation1 5hich could include holding an e,e*gency stoc4 of supplies at an off8site
location. &lte*nati+ely1 the B!P could include a list of e,e*gency supplies1 5hich could
6e o*de*ed on a next8day deli+e*y 6asis. (etails of alte*nati+e supplie*s should also 6e
included1 in the e+ent that you* no*,al supplie* is also affected 6y an e,e*gency.

#his section of the B!P should include info*,ation on the supplies held off8site1 togethe*
5ith a list of ite,s that could 6e o*de*ed in an e,e*gency at sho*t notice. It should also
list alte*nati+e supplie*s.

23

2.3.. !*itical Supplies

In the e+ent of an e,e*gency 5he*e the depa*t,ent7s supplies a*e dest*oyed1 6ac48up
stoc4 can 6e o6tained f*o, off8site locations1 as follo5s. &lso listed 6elo5 a*e details of
supplie*s 5ho can p*o+ide e,e*gency supplies on a next8day deli+e*y 6asis.

;8 'I#I'A- S*PP-IES S#O'5 4E-D O..:SI#E

I#) N&) "C
%"!&#I"N
&((RSS "C
%"!&#I"N
!"N#&!# PRS"N !"N#&!# N".


>8 S*PP-IES #4A# 'A, BE ODEED O, A ,E)# DA3 BASIS .O$ E&*-A S*PP-IE

I#) N&) "C R'U%&R SUPP%IR !"N#&!# PRS"N !"N#&!# N".

?8 A-#E,A#I+E S*PP-IES AB-E #O S*PP-3 O, ,E)# DA3 BASIS I. E&*-A
S*PP-IES A..E'#ED B3 E$E&E,'3

I#) N&) "C &%#RN&#IE SUPP%IR !"N#&!# PRS"N !"N#&!# N".

28

2.8 !*itical Eendo*

(epending upon the natu*e of the disaste*1 it is feasi6le that +endo*s of c*itical se*+ices
,ay also 6e affected. #his can affect you* o5n 6ac48up and *eco+e*y a**ange,ents
5he*e you* depa*t,ent is dependent upon a pa*ticula* +endo* fo* that *eco+e*y p*ocess to
6e achie+ed successfully. It is i,po*tant the*efo*e that you* o5n 4ey +endo* also ha+e an
effecti+e B!P fo* dealing 5ith e,e*gencies. $ou should *eBuest info*,ation f*o, you*
+endo*s to ensu*e they ha+e this.

#his section of the B!P should include a list of 4ey +endo*s the c*itical se*+ices they a*e
supplying1 thei* no*,al contact info*,ation1 and thei* e,e*gency contact info*,ation.
Cu*the* conside*ation should 6e gi+en to +endo*s 5ho 5ould 6e a6le to p*o+ide c*itical
se*+ices in the e+ent of failu*e to deli+e* f*o, one of you* identified 4ey +endo*s.

2/

2.8.. !*itical Eendo*s

%isted 6elo5 a*e the depa*t,ent A function 4ey +endo*s 5ho ,ay need to 6e contacted in
the e+ent of an e,e*gency. In the e+ent of these *egula* +endo*s a*e not a6le to p*o+ide
the se*+ices *eBui*ed in an e,e*gency1 an alte*nati+e list of +endo*s has also 6een
identified.

;8 E&*-A +E,DOS

,A$E O. +E,DO SE+I'ES PO+IDED ,O$A- 'O,#A'#
DE#AI-S
E$E&E,'3
'O,#A'# DE#AI-S

>8 A-#E,A#I+E +E,DOS

,A$E O. +E,DO SE+I'ES PO+IDED ,O$A- 'O,#A'#
DE#AI-S
E$E&E,'3
'O,#A'# DE#AI-S

?0

?.0 Plan ducation and #*aining

&ll staff should 6e t*ained in the 6usiness continuity p*ocess. #his is pa*ticula*ly
i,po*tant 5hen the p*ocedu*es a*e significantly diffe*ent f*o, those pe*taining to no*,al
ope*ations. #his t*aining ,ay 6e integ*ated 5ith the t*aining phase o* handled sepa*ately.

& t*aining needs assess,ent ,ust 6e conducted to identity 5hat t*aining should 6e
esta6lished. #he plan ,ust specify 5hich pe*son o* g*oup of pe*sons *eBui*es 5hich type
of t*aining. It is t is necessa*y fo* all ne5 o* *e+ised p*ocesses to 6e explained ca*efully
to the staff. Co* exa,ple it ,ay 6e necessa*y to ca**y out so,e p*ocess ,anually if the
I# syste, is do5n fo* any length of ti,e. #hese ,anual p*ocedu*es ,ust 6e fully
unde*stood 6y the pe*sons 5ho a*e *eBui*ed to ca**y the, out. Co* la*ge* o*gani@ations it
,ay 6e p*actical to ca**y out the t*aining in a class*oo, en+i*on,ent1 ho5e+e*1 fo*
s,alle* o*gani@ations the t*aining ,ay 6e 6ette* handled in a 5o*4shop style.

#his section of the B!P 5ill identify fo* each 6usiness p*ocess 5hat type of t*aining is
*eBui*ed and 5hich pe*sons o* g*oup of pe*sons need to 6e t*ained.

?.. #*aining &ssess,ent

5E3 B*SI,ESS AEA
#3PE O. #AI,I,&
ED*IED
PESO,S O &O*PS
#O BE #AI,ED
,O8 O.
PESO,S

?.

?.2 #*aining !o,pleted

It is i,po*tant to 4eep a *eco*d of all e,ployees 5ho ha+e 6een t*ained in the B!P
P*ocess.

PESO,S O &O*PS #O BE #AI,ED
5E3 B*SI,ESS AEA
#AI,ED
DA#E 'O$P-E#ED

?2

6.0 Plan #esting

&n untested plan can often 6e ,o*e of a hind*ance than help. #he a6ility of the B!P to
6e effecti+e in e,e*gency situations can only 6e assessed if *igo*ous testing is ca**ied out
in *ealistic conditions. #he B!P #esting Phase contains i,po*tant +e*ification acti+ities1
5hich should ena6le the plan to stand up to ,ost dis*upti+e e+ents.

#he B!P should 6e tested 5ithin a *ealistic en+i*on,ent1 5hich ,eans si,ulating
conditions1 applica6le in an actual e,e*gency. It is also i,po*tant that the pe*sons 5ho
5ould 6e *esponsi6le fo* those acti+ities in a c*isis ca**y out the tests.

In ,ost cases a ta6letop test 5ill 6e conducted. & scena*io 5ill 6e gi+en to you* B!P
g*oup along 5ith Buestions that 5ill need to 6e ans5e*ed du*ing the test.

?3

3.0 Plan )aintenance

It is necessa*y fo* the B!P updating p*ocess to 6e p*ope*ly st*uctu*ed and cont*olled.
#his 5ould include an e+aluation of the (isaste* Reco+e*y Plan :I# Plan; fo* potential
change due to the dyna,ic natu*e of the th*eat population and syste, configu*ation

Hhene+e* changes a*e ,ade to the B!P they a*e to 6e fully tested and app*op*iate
a,end,ents should 6e ,ade to the t*aining ,ate*ials. #his 5ill in+ol+ed the use of
fo*,ali@ed change cont*ol p*ocedu*es unde* the cont*ol of the B!P #ea, %eade*.

#he follo5ing fo*, should 6e used fo* the *eBuest and app*o+al of such changes.
Collo5ing app*o+ed changes to the plan1 it is i,po*tant that the B!P leade*1 B!P
*eco+e*y tea,1 xecuti+e Sponso* and the IR) a*e 4ept fully info*,ed.

?2

3.. #est all !hanges to Plan

Hhene+e* the*e is a change to the B!P Plan a co,plete test should 6e ca**ied out and
docu,ented.

Collo5 the app*op*iate test p*ocedu*es as outlined in Section ? of this plan.

??

8.0 Post Incident &nalysisARepo*t

"n co,pletion of any incident1 that i,pacts you* deli+e*y of no*,al se*+ice1 the B!P
#ea, should p*epa*e an incident analysis on you* B!P plan. #his is to assess the
adeBuacy of the plan and any deficiencies.

#he p*incipal o+e*all o6=ecti+es in conducting the post incident analysis a*e toF +e*ify that
the 6usiness *eco+e*yA*esu,ption plans a*e cu**ent and up to date1 that the
*eco+e*yA*esu,ption plan pe*fo*,ed effecti+ely and *eco+e*ed the affected functions1
identify a*eas of the plan to i,p*o+e1 e+aluate the flo5 of co,,unications1 and e+aluate
the effecti+eness of the plan.

?6

8.. Post Incident &nalysis

#he B!P tea, has *e+ie5ed the follo5ing incident.

(ate of incident<

#i,e<
(esc*iption of incident<

Hhat c*itical functionAfunctions 5e*e inte**upted du*ing this incidentJ

(id you* B!P add*ess the *eco+e*y of the inte**upted c*itical function effecti+elyJ
If not1 5hat a*eas of the *eco+e*y plan can 6e i,p*o+edJ

(id co,,unication flo5 effecti+elyJ

Hhe*e the*e any p*o6le,s getting o* *ecei+ing co,,unicationsJ

Hhe*e all phone nu,6e*s accu*ate and a+aila6leJ

?3

Hhat changes need to 6e ,ade to the B!PJ

Hho 5ill 6e ,a4ing the changes to the plansJ

Hill changes need to 6e testedJ

Hho 5ill app*o+e the changes ,ade to the B!PJ

Hho 5ill 6e *epo*ting changes ,ade to the xecuti+e Sponso* of the planJ

?8

/.0 'lossa*y of #e*,s

Act of Sabotage7 &n act of sa6otage is the deli6e*ate se*ious dis*uption of an
o*gani@ation7s acti+ities 5ith an atte,pt to disc*edit o* financially da,age the
o*gani@ation. Business 5ill often 6e i,,ediately and se*iously affected 6y successful
acts of sa6otage. #his can affect the no*,al ope*ations and also se*+e to de8sta6ili@e the
5o*4fo*ce. &n inte*nal attac4 on the I# syste,s th*ough the use of ,alicious code can 6e
conside*ed to 6e an act of sa6otage.

Act of terrorism7 &cts of te**o*is, include explosions1 6o,6 th*eats1 hostage ta4ing1
sa6otage and o*gani@ed +iolence. Hhethe* this is pe*pet*ated th*ough a *ecogni@ed
te**o*ist o*gani@ation o* a +iolent p*otest g*oup1 the effect on indi+iduals and 6usiness is
the sa,e. Such acts c*eate unce*tainty and fea* and se*+e to desta6ili@e the gene*al
en+i*on,ent.

Act of Aar7 &n act of 5a* is the co,,ence,ent of hostilities 6et5een one count*y and
anothe*. #his could ta4e the fo*, of ai* st*i4es1 g*ound st*i4es1 in+asion o* 6loc4ades.
Business could 6e i,,ediately affected 5he*e they a*e eithe* located nea* the out6*ea4
of hostilities o* 5he*e they a*e dependent upon i,po*ts o* expo*ts fo* su*+i+al. )any
6usinesses do not su*+i+e a p*olonged out6*ea4 of 5a*.

Air conditioning failure7 &n ai* conditioning :&!; failu*e could ha+e se*ious
conseBuences 5he*e the &! unit is p*otecting pa*ticula*ly sensiti+e eBuip,ent such as a
,ain co,pute* p*ocessing unit1 and the *ise in te,pe*atu*e could cause the eBuip,ent to
fail and 6e da,aged. It can also affect the 5o*4fo*ce as conditions in 6uildings can
6eco,e ext*e,ely unco,fo*ta6le 5ith a significant *ise in te,pe*atu*es and 5he*e the
staff is ad+e*sely affected. Po*ta6le &! eBuip,ent ,ay possi6le 6e used as 6ac4 up.

Alert7 & fo*,al notification that an incident has occu**ed 5hich ,ay de+elop into a
disaste*.

Alternate Site7 & location 5he*e c*itical 6usiness functions can *esu,e p*ocessing in the
e+ent of an inte**uption o* disaste*.

Arson7 &*son is the deli6e*ate setting of a fi*e to da,age the o*gani@ations p*e,ises and
contents. &s this can cause 6oth loss of p*e,ises and loss of goods and othe* assets1 this
can 6e highly dis*upti+e to the o*gani@ation.

Building denial7 &ny da,age1 failu*e o* othe* condition1 5hich causes denial of access
to the 6uilding o* the 5o*4ing a*ea 5ithin the 6uilding1 e.g. fi*e1 flood1 conta,ination1
loss of se*+ices1 ai* conditioning failu*e1 and fo*ensics.

?/
Business 'ontinuity Plan7 & collection of p*ocedu*es and info*,ation that is de+eloped
and ,aintained in *eadiness fo* use in the e+ent of an e,e*gency o* disaste*.

Business 'ontinuity Planning /B'P27 P*epa*ations ,ade to 4eep a 6usiness *unning
du*ing and afte* a disaste*1 ensu*ing the a+aila6ility of those *esou*ces *eBui*ed to
,aintain the ongoing +ia6ility of the o*gani@ation.

Business 'ontinuity #eam -eader7 & ,e,6e* of the *eco+e*y ,anage,ent tea, 5ho
is assigned the o+e*all *esponsi6ility fo* coo*dinato* of the *eco+e*y planning p*og*a,
ensu*ing tea, ,e,6e* t*aining1 testing and ,aintenance of *eco+e*y plans.

Business impact analysis /BIA27 & ,anage,ent le+el analysis1 5hich identifies the
i,pacts of losing co,pany *esou*ces. #he BI& ,easu*es the effect of *esou*ces loss and
escalating losses o+e* ti,e in o*de* to p*o+ide senio* ,anage,ent 5ith *elia6le data upon
5hich to 6ase decisions on *is4 ,itigation and continuity planning.

Business Impact Assessment /BIA27 &s4 the follo5ing Buestions< 9o5 6ad can things
getJ Hhat a*e the ,ost i,po*tant *esou*ces1 syste,s1 outputs1 and dependencies 6y
6usiness functionJ Hhat i,pact does una+aila6ility ha+eJ

'old Site7 "ne o* ,o*e data cente*s o* office space facilities eBuipped 5ith sufficient
p*e8Bualified en+i*on,ental conditioning1 elect*ical connecti+ity1 co,,unications
access1 configu*a6le space and access to acco,,odate the installation and ope*ation of
eBuip,ent 6y c*itical staff *eBui*ed to *esu,e 6usiness ope*ations.

'ommand 'enter< #his is the location set up fo* ,anage,ent and B!P to ope*ate f*o,
du*ing e,e*gency situations. #he continuity plan docu,ent and othe* needed *esou*ces
should 6e ,aintained the*e.

'ommunications services brea!do%n7 )ost 6usinesses a*e fully dependent upon thei*
teleco,,unications se*+ices to ope*ate thei* no*,al 6usiness p*ocesses and to ena6le
thei* net5o*4s to function. & dis*uption to the teleco,,unications se*+ices can *esult in
a 6usiness losing *e+enue and custo,e*s. #he use of cell86ased telephones can help to
alle+iate this 6ut the ,ain *eliance is li4ely to 6e on the land 6ased lines.

'ontamination and Environmental 4azards7 !onta,ination and en+i*on,ental
ha@a*ds include polluted ai*1 polluted 5ate*1 che,icals1 *adiation1 as6estos1 s,o4e1
da,pness and ,ilde51 toxic 5aste and oil pollution. )any of these conditions can
dis*upt 6usiness p*ocesses di*ectly and1 in addition1 cause sic4ness a,ong e,ployees.
#his can *esult in p*osecution o* litigation if ,o*e pe*,anent da,age to e,ployees7
health occu*s.

'ontrollable7 U#)B 5ould 6e a6le to exe*cise *est*aint and di*ect influence o+e* the
e+ent1 *e,aining in *elati+e cont*ol of 6usiness.

60
'risis7 &n a6no*,al situation1 o* pe*ception1 5hich th*eatens the ope*ations1 staff1
custo,e*s o* *eputation of an ente*p*ise.

'ritical7 U#)B 5ould find that Buality1 se*+ice1 andAo* p*ope*ty could suffe*1 causing a
change o* dis*uption in 6usiness *esulting in a ,ode*ate state of c*isis o* e,e*gency.

'ritical Business .unctions< #hose functions conside*ed essential to the ongoing
ope*ation of the o*gani@ation o* 6usiness unit. !*itical functions also include anything
that ,ight ad+e*sely i,pact se*+ice deli+e* o* significantly i,pai* the ad,inist*ati+e o*
financial integ*ity of the o*gani@ation.

'yber crime7 !y6e* c*i,e is a ,a=o* a*ea of info*,ation secu*ity *is4. It includes
attac4s 6y hac4e*s1 denial of se*+ice attac4s1 +i*us attac4s1 hoax +i*us 5a*nings and
p*e,editated inte*nal attac4s. &ll cy6e* c*i,e attac4s can ha+e an i,,ediate and
de+astating affect on the o*gani@ation7s no*,al 6usiness p*ocess. #he a+e*age cost of an
info*,ation secu*ity incident has 6een esti,ated at S301000 and o+e* 60T of
o*gani@ations a*e *epo*ted to expe*ience one o* ,o*e incident e+e*y yea*.

Devastating7 U#)B se*+ices 5ould 6e significantly deg*aded1 6ut 5ould 6e a6le to
conduct 6usiness.

Disaster ecovery 'oordinator7 &cti+ates (isaste* Reco+e*y Plan. Ho*4s 5ith
ad,inist*ation1 ad+iso*y co,,ittees1 and (isaste* Reco+e*y #ea, to allocate *esou*ces
and coo*dinate i,ple,entation of the (isaste* Reco+e*y Plan. Se*+es as the p*i,a*y
contact and coo*dinates the *eco+e*y effo*t. Insu*es that status of the *eco+e*y effo*t is
co,,unicated to the app*op*iate le+els of the o*gani@ation. Insu*es that a post ,o*te,
*e+ie5 is conducted and that upg*ades a*e inco*po*ated into the plan as app*op*iate.

Disaster ecovery Planning /DP27 #ypically1 the technology aspects of a 6usiness
continuity plan1 to *eco+e* info*,ation syste, *esou*ces to full o* pa*tial p*oduction
p*ocessing le+els in the e+ent of an extended outage. No*,ally1 info*,ation syste,
*esou*ces 5ill 6e *esto*ed acco*ding to a p*io*ity indicated 6y 5hat is Q,ission c*iticalR to
the o*gani@ation.

Disclosure of sensitive information7 #his is a se*ious info*,ation secu*ity incident1
5hich can *esult in se+e*e e,6a**ass,ent1 financial loss1 and e+en litigation 5he*e
da,age has 6een caused to so,eone7s *eputation o* financial standing. Cu*the* types of
se*ious disclosu*e in+ol+e sec*et patent info*,ation1 plans and st*ategic di*ections1
*esea*ch1 info*,ation disclosed to legal *ep*esentati+es etc. (eli6e*ate unautho*i@ed
disclosu*e of sensiti+e info*,ation is also *efe**ed to as espionage.

Electrical Storms7 the i,pact of lightning st*i4es can 6e significant. It can cause
dis*uption to po5e* and can also cause fi*es. It ,ay also da,age elect*ical eBuip,ent
including co,pute* syste,s. St*uctu*al da,age is also possi6le th*ough falling t*ees o*
othe* o6=ects.

6.
Electrical po%er failure7 &ll o*gani@ations depend on elect*ical po5e* to continue
no*,al ope*ations. Hithout po5e* the o*gani@ation7s co,pute*s1 lights1 telephones and
othe* co,,unication ,ediu, 5ill not 6e ope*ational and the i,pact on no*,al 6usiness
ope*ation can 6e de+astating. &ll o*gani@ations should 6e p*epa*ed fo* a possi6le
elect*ical po5e* failu*e1 as the i,pact can 6e so se+e*e. (ata can 6e lost1 custo,e*s can
6e lost and the*e can 6e a se*ious i,pact on *e+enue. P*e8planning is essential as a
*egional outage can cause a sho*tage of 6ac4up elect*ical gene*ato*s.

Epidemic7 &n epide,ic can occu* 5hen a contagious illness affects a la*ge nu,6e* of
pe*sons 5ithin a count*y o* *egion. #his can ha+e a pa*ticula*ly de+astating sho*t te*,
i,pact on 6usiness th*ough a la*ge nu,6e* of pe*sons 6eing a6sent f*o, 5o*4 at the
sa,e ti,e. !e*tain illnesses can ha+e a longe*8te*, effect on the 6usiness 5he*e long
te*, illness o* death *esults. &n exa,ple of this ext*e,e situation is occu**ing in !hina
no5 5ith the epide,ic of S&RS.

EJuipment .ailure /excluding I# 1ard%are27 &ll 6usinesses *ely on a 5hole *ange of
diffe*ent types of eBuip,ent in o*de* to *un thei* 6usiness p*ocesses. In ,any cases1 it is
possi6le to ,o+e to alte*nati+e p*ocesses to ena6le the 6usinesses p*ocess to continue 6ut
his *eBui*ed conside*a6le planning and p*epa*ation.

.ire7 Ci*es a*e often de+astating and can 6e sta*ted th*ough a 5ide *ange of e+ents1
5hich ,ay 6e accidental o* en+i*on,ental. #he i,pact on the 6usiness 5ill +a*y
depending on the se+e*ity of the fi*e and the speed 5ithin 5hich it can 6e 6*ought unde*
cont*ol. & fi*e can cause hu,an in=u*y o* death and da,age can also 6e caused to
*eco*ds and eBuip,ent and the fa6*ic o* st*uctu*e of p*e,ises.

.lood7 Cloods *esult f*o, thunde*sto*,s1 t*opical sto*,s1 sno5 tha5s o* hea+y and
p*olonged *ainfall8causing *i+e*s to o+e*flo5 thei* 6an4s and flood the su**ounding a*eas.
Cloods can se*iously affect 6uildings and eBuip,ent causing po5e* failu*es and loss of
facilities and can e+en *esult in in=u*y o* death.

.reezing 'onditions7 C*ee@ing conditions can occu* in 5inte* pe*iods and the effects
can 6e de+astating. Hhe*e te,pe*atu*3es fall in excess of - 30 !entig*ade they can
c*eate conditions1 5hich significantly dis*upt 6usinesses and e+en cause death o* in=u*y.
Businesses and ho,es can 6e se*iously affected th*ough 6u*st pipes1 inadeBuate heating
facilities1 dis*uption to t*anspo*tation and ,alfunctioning eBuip,ent. Ho*4 unde*ta4en
outside of 6uildings in the open en+i*on,ent 5ill o6+iously 6e se*iously affected.

4ot Site7 & data cente* facility o* office facility 5ith sufficient ha*d5a*e1
co,,unications inte*faces and en+i*on,entally cont*olled space capa6le of p*o+iding
*elati+ely i,,ediate 6ac4up data p*ocessing suppo*t.

4urricane7 9u**icanes a*e sto*,s 5ith hea+y ci*cula* 5inds exceeding 60 ,iles pe*
hou*. #he hu**icane contains 6oth ext*e,ely st*ong 5inds and to**ential *ain. 9u**icanes
can cause flooding1 ,assi+e st*uctu*al da,age to ho,es and 6usiness p*e,ises 5ith
associated po5e* failu*es1 and e+en in=u*y and death.
62

Impact7 I,pact is the cost to the ente*p*ise1 5hich ,ay o* ,ay not 6e ,easu*ed in
pu*ely financial te*,s.

Incident7 &ny e+ent1 5hich ,ay 6e1 o* ,ay lead to1 a disaste*.

Information Security7 #he secu*ing o* safegua*ding of all sensiti+e info*,ation1
elect*onic o* othe*5ise1 5hich is o5ned 6y an o*gani@ation.

Internal arrangement7 "the* *oo,s 5ithin the o*gani@ation could 6e eBuipped to
suppo*t 6usiness functions :i.e.1 t*aining *oo,s1 cafete*ias1 confe*ence *oo,s1 etc;

Internal po%er failure7 &n inte*nal po5e* failu*e is an inte**uption to the elect*ical
po5e* se*+ices caused th*ough inte*nal eBuip,ent o* ca6ling failu*e. #his type of fault
5ill need to 6e *epai*ed 6y a Bualified elect*ician and delays 5ill ine+ita6le i,pact on the
6usiness p*ocess. Hhe*e pa*ticula*ly se*ious faults ha+e occu**ed1 such as da,age to
,ain ca6les1 the *epai*s could ta4e so,e ti,e and could ha+e a se+e*e effect on the
6usiness.

Irritating7 U#)B 5ould 6e a6le to exe*cise *est*aint and di*ect influence o+e* the
e+ent1 *e,aining in *elati+e cont*ol of 6usiness.

-oss of drainage " %aste removal7 #he loss of d*ainage o* 5aste *e,o+al is li4ely to
cause a se*ious sanitation and health issue fo* ,ost 6usinesses. #his is li4ely to i,pact
on the 6usiness th*ough the possi6le loss of its 5o*4fo*ce du*ing the pe*iod 5he*e
d*ainage se*+ices a*e not a+aila6le. #his1 in tu*n1 5ill ha+e an i,,ediate i,pact on
*e+enue.

-oss of gas supply7 #he loss of gas supply can 6e ext*e,ely se*ious 5he*e the 6usiness
*elies on gas to fuel eithe* its p*oduction p*ocesses o* p*o+ide heating 5ithin its p*e,ises.
#he i,pact that a loss of gas supply can ha+e on the p*oduction p*ocess can *esult in the
5hole p*ocess shutting do5n. #he i,pact on the o*gani@ation 5ill also 6e pa*ticula*ly
acute 5he*e the loss of gas8fi*ed heating could *ende* the p*e,ises unusa6le du*ing
pe*iods of lo5 exte*nal te,pe*atu*es.

-oss of records or data7 #he loss of *eco*ds o* data can 6e pa*ticula*ly dis*upti+e 5he*e
poo* 6ac4up and *eco+e*y p*ocedu*es *esult in the need to *e8input and *e8co,pile the
*eco*ds. #his is no*,ally a slo5 p*ocess and is pa*ticula*ly la6o* intensi+e. #his can
*esult in an inc*ease in costs th*ough additional 5o*4ing hou*s and a g*eat deal of
e,6a**ass,ent 5he*e info*,ation is unexpectedly not a+aila6le.

-oss of %ater supply7 #he loss of the 5ate* supply is li4ely to close do5n a 6usiness
p*e,ises until the supply is *esto*ed. Hhe*e the 5ate* is used in the p*oduction p*ocess
this is pa*ticula*ly se*ious. #he loss of 5ate* supply is also a health and safety issue as
,ini,u, sanita*y needs cannot 6e ,et. #his is often caused th*ough a fault in a 5ate*
supply *oute o* as a *esult of a pa*ticula*ly se+e*e d*ought.
63

Island accessibility7 Since 'al+eston is an island and has li,ited accessi6ility1 access to
the island 6y e,ployees1 supplies and custo,e*s 5ill need e+aluated and assessed.

I# system failure7 Hith the al,ost total le+el of dependence on I# syste,s 5ithin the
+ast ,a=o*ity of 6usinesses1 a failu*e to these syste,s can 6e pa*ticula*ly de+astating.
#he types of th*eats to co,pute* syste,s a*e ,any and +a*ied1 including ha*d5a*e
failu*e1 da,age to ca6les1 5ate* lea4s and fi*es1 ai* conditioning syste, failu*es1 net5o*4
failu*es1 application syste, failu*es1 teleco,,unications eBuip,ent failu*es etc.

,eig1bor1ood 1azard7 & neigh6o*hood ha@a*d is defined as a dis*upti+e e+ent in the
close +icinity1 5hich di*ectly o* indi*ectly affects you* o5n p*e,ises and e,ployees. &n
exa,ple 5ould 6e seepage of ha@a*dous 5aste o* the escape of toxic gases f*o, a local
che,ical plant. 9ealth and safety *egulations *eBui*e that the o*gani@ation ta4e suita6le
action to p*otect its e,ployees. #his ,ay ha+e se+e*e dis*upti+e i,plications fo* the
6usiness pa*ticula*ly 5he*e it can ta4e so,e ti,e to clea* the ha@a*d.

Off:site location7 & sto*age facility at a safe distance f*o, the p*i,a*y facility1 5hich is
used fo* housing *eco+e*y1 supplies1 eBuip,ent1 +ital *eco*ds etc.

Operational Impact7 &n i,pact1 5hich is not Buantifia6le in financial te*,s 6ut its
effects1 ,ay 6e a,ong the ,ost se+e*e in dete*,ining the su*+i+al of an o*gani@ation
follo5ing a disaste*.

Outage7 #he inte**uption of auto,ated p*ocessing syste,s1 suppo*t se*+ices o* essential
6usiness ope*ations that ,ay *esult in the o*gani@ation7s ina6ility to p*o+ide se*+ice fo*
so,e pe*iod of ti,e.

Period of #olerance7 #he pe*iod of ti,e in 5hich an incident can escalate to a potential
disaste*.

Petroleum and oil s1ortage7 Co* ,ost count*ies in the 5o*ld1 a pet*oleu, sho*tage can
occu* at any ti,e. #his has a se*ious i,pact on 6usinesses as *ationing is li4ely to 6e
i,posed i,,ediately affecting t*anspo*tation and the no*,al ope*ations of diesel o*
pet*ol fuelled ,achine*y.

eciprocal arrangement7 &n ag*ee,ent in 5hich t5o pa*ties ag*ee to allo5 the othe* to
use thei* site1 *esou*ces o* facilities du*ing a disaste*.

ecovery Point Objective /PO27 #his is defined 6y the data content o5ne* of an I#
application. It is the point in ti,e that the application ,ust 6e *esto*ed to.

ecovery #ime Objective /#O27 #his is defined 6y the data content o5ne* fo* an I#
application. It is the ti,e f*o, disaste* decla*ation to the *esto*ation of the application.

62
esumption7 #he p*ocess of planning fo* andAo* i,ple,enting the *eco+e*y of c*itical
6usiness ope*ations i,,ediately follo5ing an inte**uption o* disaste*.

is! Assessment K $anagement7 #he identification and e+aluation of ope*ational
*is4s that pa*ticula*ly affect the ente*p*ise7s a6ility to function and add*essing the
conseBuences.

is! eduction or $itigation7 #he i,ple,entation of the p*e+entati+e ,easu*es1
5hich *is4 assess,ent1 has identified.

Scenario7 & p*e8defined set of e+ents and conditions1 5hich desc*i6e an inte**uption1
dis*uption o* disaste* *elated to so,e aspect :s; of an o*gani@ation7s 6usiness fo* pu*poses
of exe*cising a *eco+e*y plan :s;.

Self:service7 &n o*gani@ation o* 6usiness function can t*ansfe* 5o*4 to anothe* of it7s
o5n locations.

Service -evel Agreement /S-A27 &n ag*ee,ent 6et5een a se*+ice p*o+ide* and se*+ice
use* as to the natu*e1 Buality1 a+aila6ility and scope of the se*+ice to 6e p*o+ided.

Site access denial7 &ny distu*6ance o* acti+ity 5ithin the a*ea su**ounding the site
5hich *ende*s the site una+aila6le1 e.g. fi*e1 flood1 *iot1 st*i4e1 loss of se*+ices1 fo*ensics.
#he site itself ,ay 6e unda,aged.

System ecovery7 #he p*ocedu*es fo* *e6uilding a co,pute* syste, to the condition
5he*e it is *eady to accept data and applications. Syste, *eco+e*y depends on ha+ing
access to suita6le ha*d5a*e.

#erminal7 U#)B 5ould 6e una6le to achie+e its co*e pu*pose and una6le to conduct its
,ission

#1eft7 #his ha@a*d could *ange f*o, the theft of goods o* eBuip,ent to the theft of
,oney o* othe* +alua6les. In addition to possi6le financially da,aging the o*gani@ation1
they can cause suspicion and unce*tainty 5ith the 5o*4fo*ce 5he*e it ,ay 6e 6elie+ed
that one o* ,o*e of the, could ha+e 6een in+ol+ed.

#ornado7 #o*nadoes a*e tight colu,ns of ci*cling ai* c*eating a funnel shape. #he 5ind
fo*ces 5ithin the to*nado can *each o+e* 200 ,iles pe* hou*. #o*nadoes can often t*a+el
in excess of ?0 ,iles pe* hou*. #hey can cause significant st*uctu*al da,age and can also
cause se+e*e in=u*ies and death.

+ital ecords7 &ll data and info*,ation *eBui*ed to suppo*t 6usiness functions :i.e.1
histo*ical1 *egulato*y *eBui*e,ents including1 6ut not li,ited to1 policy and p*ocedu*es
,anuals1 input docu,ents o* data1 ,anuals fo* soft5a*e and othe* applications1
+endo*Acusto,e* lists 5ith phone nu,6e*s1 and 6ac4up tape files.; &dditionally1 these
*eco*ds should 6e ,aintained off8site at a thi*d pa*ty +endo* o* co,,and cente*.
6?

Aarm Site7 & data cente* o* office facility 5hich is pa*tially eBuipped 5ith ha*d5a*e1
co,,unications inte*faces1 elect*icity and en+i*on,ental conditioning capa6le of
p*o+iding 6ac4up ope*ating suppo*t.

Aor!place violence7 &cts of +iolence in the 5o*4place can affect ,o*al1 a6senteeis,1
c*eate fea* and unce*tainty and inc*ease the *ate of tu*no+e* of e,ployees. #his can ha+e
a significant affect on p*oducti+ity and could also *esult in clai,s fo* 5o*4e*s
co,pensation1 ha*ass,ent clai,s and a need fo* inc*eased secu*ity ,easu*es.
Statistically1 this type of incident is especially p*e+alent at o*gani@ations 5hich ha+e
*ecently ,e*ged o* a*e 6eing *e8si@ed o* *est*uctu*ed1 5he*e the*e a*e *egula* th*eats of
indust*ial action1 o* 5he*e pe*,anent e,ployees ha+e 6een *eplaced 5ith te,po*a*y
e,ployees.

Business Continuity Plan

Uploaded by

Copyright:

Available Formats

Business Continuity Plan

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Business Continuity Plan

Uploaded by

Copyright:

Available Formats

If you need assistance in filling out any of this plan

Please contact Randy Jones at ext. 23868.

You might also like