A Snapshot of Business Continuity at University of Kentucky

University of Kentucky Police Department

Division of Crisis Management & Preparedness

Organizational Structure

Captain of Crisis Management and Preparedness

UK Chief of Police

Emergency Management Lieutenant

Business Continuity Coordinator

Records Coordinator

Overview of Business Continuity Plans Business Continuity Plans (BCPs): ◦ Prepare to respond to various types of operational interruptions; ◦ Emergency delegation of authority and a line of succession; ◦ Safekeeping of essential personnel, resources, facilities, and vital

records; ◦ Emergency acquisition of resources necessary for business

resumption; ◦ The capability to perform critical functions remotely until

resumption of normal operations; ◦ Establish training and exercise needs.

• 59%... Business leaders have experienced crisis at current or former company

• 32%... Of those crises led to drop in revenue

• 24%... Led to cutbacks or layoffs

Source: 2011 Burston-Marsteller study

2011 Study

• 25%... Never reopen • 80%... Likely to go out of business • 75%... Fail within 3 years

Those Businesses with a BCP…

• 82%... Impact Mitigated • 74%... Continue delivering key products & services

Source: Business Continuity Institute, 2012

Businesses Following a Disaster…

Authorities UK’s BCP template was developed in accordance with recommendations and guidelines from: • The Homeland Security Act of 2002 • The National Security Act of 1947 • Federal Continuity Directive 1 • Continuity Guidance Circular 1 • Incident Command System (ICS) • National Incident Management System (NIMS)

University of Kentucky Hazards • Naturally Occurring Events

– Tornado, Ice Storm, Flood

• Technologic Events – Power Outage, Communications Failure

• Man-Made Events – Terrorism, VIP Situation, Civil Disturbance

• Hazardous Materials – Chemical or Radiologic Exposure or Terrorism

• Academic Portfolio • Research Enterprise

– Existing & Future • Retention

– Faculty & Students • Reputation • Health Care • Confidence

– Students, parents, faculty, funders, etc.

• Intellectual Capital • Infrastructure • Institutional Branding • Extension Services • Public Service Role

– Special Events • Donations

– Development • Funding

– Grants / Revenue

Why should University departments have a BCP?

$3 Billion Annual Budget

• State appropriations from the Commonwealth • Tuition dollars assessed to our students • Grants and contracts and the associated Facilities

and Administrative Costs • Fees • Gifts • Endowment income • Sales and service • Clinical revenue

Where do the plans fit in?

.............. Business Continuity Plan............ Event

Building Emergency Action Plan

Critical 0-12 hours

Essential 12 hours -30 days

Recover as Needed 30 days +

Goals of Business Continuity Planning

• Departmental decision-making

• Individualized & Do-It-Yourself

• Thought-Provoking

• Simple / Accurate / Viable

• Knowledgeable, Trained & Ready Staff

• Well Maintained

BCP Departmental Template Phase 1: Readiness & Preparedness

• Department Identification

• Department Functions

• Human Capital

• Leadership

University Functions Emergency Support Functions (ESF): The functions which represent the overarching responsibilities to lead and sustain the University during a catastrophic emergency. These functions MUST be continued throughout, or resume shortly after, a disruption of normal operations. Mission Essential Functions: The limited set of University-level functions that are secondary or tertiary to carrying out the responsibilities of the department.

Emergency Support Functions #1 Transportation #2 Communications #3 Public Works/Engineering #4 Firefighting #5 Emergency Management #6 Mass Care, Emergency Assistance, & Human Services #7 Resource Support #8 Health & Medical Services

#9 Search & Rescue #10 Hazardous Materials #11 Nutrition Services #12 Energy #13 Public Safety & Security #14 Long-Term Recovery #15 External Affairs

Mission Essential Functions

• Disruption to research

• Disruption to patient care

• Disruption to animal care

• Departure of faculty/staff

• Departure of students

• Payment deadlines unmet

• Loss of revenue

• Legal obligations unmet

• Legal harm to UK

• Impact on other units

• Impact on business partners

• Other

Human Capital

• Faculty and other academic appointees • Residents / Fellows • Staff (Full-Time) • Staff (Part-Time, excluding students) • Student Staff • Volunteers • Guests • Other

• Continuity Personnel / ERG Group

• Orders of Succession:

• Delegations of Authority:

Leadership

Position Designated Successors UK Vice President for Student Affairs

1. Associate Vice President for Student Affairs / Dean of Students 2. Associate Vice President for Student Affairs 3. Director, Counseling Center: Consultation and Psychological Services

Delegating Action Delegating Authority The Board of Trustees at the University of Kentucky is designated to perform the purchasing and capital construction contracting functions.

Executive Vice President for Finance & Administration Director of Purchasing

Phase II: Activation & Relocation (0-12 Hours)

• Communication

• Staff Readiness

• Continuity Facilities

Communication • UK ALERT

• UK NOW

• Other systems used to contact employees:

– Phone (Voice/Text) – Pager – Email – Call Tree – Department Website – Instant Messaging – Social Media (Facebook / Twitter) – Other

Staff Readiness

• Child Care / Elder Care

• Counseling & Mental Health

• Family Support Planning (www.ready.gov)

• CRISIS Program

• Shared Leave Pool

Continuity Facilities • Locations Occupied

• Owned / Leased?

• Number of Workstations

• Security / Access Requirements

• Alternate Facilities

• Relocation Sites

Phase III: Continuity of Operations (12 hours – 30 Days or until resumption of normal operations)

• Records Management

• Dependencies

Records Management & Information Technology

• Vital Records

• Hard Copy / Electronic Copy Locations

• Responsible Contact

• Level of Confidentiality

• Record Retention Policy

• Full & Incremental Backups!

• Virtual Office & Telework Operations

Dependencies

• Products & Services upon which you depend on: – Internal Dependencies (within UK)

– External Dependencies

Phase IV: Reconstitution (Recovery, Mitigation & Termination)

• Devolution of Control

• Test, Train & Exercise

• Plan Maintenance

Devolution of Control

• Evaluate structural soundness / building safety

• Procedures for returning to primary facility

• Notification procedures for employees

• Resume normal activities

• Resupply inventories

• Continued absenteeism and other needs

Test, Train & Exercise • Tabletop discussions

• Drills

• Functional exercises

• After Action Reports

• Building Emergency Action Plan (BEAP)

Plan Maintenance

• Annual Review

• Key position is added, removed or changed

• Change in response protocol

• Incident involving business continuity activation

Presenter

Presentation Notes

This building, built in 1882, was one of the 3 original buildings on campus.

Administration / Main Building Offices

• Ground Floor

– Legal Counsel

– Senate Council

– Equal Opportunity/ Affirmative Action

– University Self-Study

– Academic Affairs

• First Floor

– Office of President

– Vice-Chancellor, Lexington Campus

– V.P. Fiscal Affairs

• Second Floor

– V.P. University Relations

– V.P. Research and Graduate Studies

– Institutional Planning and Budget

– Asst. V.P. to President

– Information Systems

• Third Floor

– Internal Audit

– University Architect

[Photo by Steve Stahlman]

Fire crews work to put out the blaze.

[Photo by Steve Stahlman]

View from the back of the building showing fully engulfed 2nd and 3rd floors.

View looking down from 18th Floor Patterson Office Tower.

[Photo by Steve Stahlman]

Conservation Librarian Whitney Baker and UK Records Program Director Tom Rosko review preparations for entering the building.

2nd floor Office of Vice President for University Relations.

2nd floor Office of Vice President for University Relations

Ground floor office. To save time, file cabinet drawers were removed and placed in the truck for shipment to the drying center, rather than the contents being re-boxed.

Moisture Control Procedures

• Records packed up and placed on refrigerated truck • Records transported to drying center in Chicago • Records Desiccant-dried (Average 2 week turnaround) • Books Vacuum Freeze-dried (Average 6 week

turnaround) • Re-boxed records and books placed in climate

controlled storage area • Records transported back to UK via refrigerated truck

The Records Recovery Center • Vacant office building, temporarily leased to UK

• Temperature 65 degrees, Humidity 50% – Purchased humidifiers and fans

• Fumigated

• Security System

• Installed shelving for ca. 1000 cu.ft.

• Ordered supplies – Paper, folders, boxes, gloves, masks, etc.

• 06/20/01: Met w/ Ground and 1st floors Office staff to review records retention and handling procedures

1st floor, Office of the President. Multi-colored mold growth in corner.

Ground floor office. Mold growth on walls, water collected in ceiling tiles.

MOLD

• Spores are always present, virtually impossible to eliminate

• “Mold-free” window is approximately 48 hours in a water disaster

• High humidity and temperature promote mold growth

• Mold poses significant health risks

• It is much easier to prevent mold growth than to eradicate a mold outbreak

• Environmental Concerns – RH 45-65% ; Temp 70°F ; Air Quality

Reconstruction

Final Thoughts • It takes a village…

– Find your Business Continuity Champions • Risk Management

• Internal Audit

• Student Affairs

– The Little Things • Easy to focus on the large catastrophic events

• Small stuff gets pushed aside and sometimes forgotten

Summary / BCP Deliverables

• Critical Operations?

• Impact of Downtime?

• Negative Impact on Operations?

• Important infrastructure components and data?

• Who is most critical?

• Highest risks?

Laurel Wood

Business Continuity Coordinator University of Kentucky Police Department

Division of Crisis Management & Preparedness http://www.uky.edu/EM/

laurel.wood@uky.edu 859-257-6655