Business Continuity Planning - Risk Management …...Presenters Sally Alexander, Director & CRO...
Transcript of Business Continuity Planning - Risk Management …...Presenters Sally Alexander, Director & CRO...
Business Continuity Planning
PDI – January 14th, 2018
Presenters
Sally Alexander, Director & CRO Office of Risk Management & Insurance
Tel: 970 491 7726
Email [email protected]
Angela Gray, Risk Management Assistant & Business Continuity Coordinator
Tel: 970 491
Email [email protected]
Agenda
• What is business continuity planning?
• How is it related to CSU’s Strategic Plan?
• How is it related to emergency response planning, and disaster recovery?
• Why is business continuity important?
• What has been done to date?
• Future plans described
“
”We want to be able to do tomorrow what we were doing
yesterday no matter what happens today
Paul Dimond, UC Berkley
What is Business Continuity Planning?
• Continuity planning is a process that helps:• Identify the essential business functions that support your mission• Assess the potential impact of disruption to those functions• Develop strategies to continue or quickly resume those functions
when faced with adverse events• Evaluate the effectiveness of plans during simulated and actual events
Business Continuity Planning
• Business continuity planning strengthens integrated strategic planning.
Credit: Kuali Ready
Strategic Plan
Mission Driven Goals
Emergency Response
Event Driven Response
Disaster Recovery
Technology Driven Response
Continuity Plans
Time Driven Response
Strategic PlanMission Driven Goals
Continuity PlansTime Driven Response
Emergency Response
Event Driven Response
Fire, Earthquake,Health Epidemic
Disaster Recovery
Technology Driven Response
Data Breach, Virus,Network Failure
Continue or quickly resume essential functions
when faced with adverse
events.
Credit: Kuali Ready
Why important?
CSU’s Strategic Plan
• Goal 4: Research and Discovery• “Protect research infrastructure, highly protected research assets through risk
management best practices- research loss control, flood mitigation, engineering loss controls, monitoring of low temperature freezers, fire suppression & monitoring systems, business continuity planning” (emphasis added)
• Goal 9: Financial Resources • Institutional risk management – “Prudent institutional risk management is evidenced by
identifying, managing and controlling risks and planning for recovery and business continuity” (emphasis added)
CSU’s Strategic Plan
• Goal 10: Physical Resources • Enhanced facilities infrastructure for the place to work and learn - “Security and risk control
for highly protected assets (flood mitigation, engineering loss controls, fire suppression & monitoring systems, freezers); business continuity planning; building and asset security ” (emphasis added)
• Goal 11: Information Management • Provide efficient, effective & robust IT systems in ACNS to enhance uptime and availability
of critical central services as well as departmental services housed in the ACNS Cloud• Provide a secure, protected IT environment to support sensitive data & to ensure
compliance with Payment Card Industry (PCI) requirements. (Note: Business Continuity planning is a PCI requirement.)
Why we need to plan…
“
”He who fails to plan is planning to fail
Winston Churchill
Source: Marsh
The business continuity planEmergency response plan
Activ
ity
Crisis management/communication plan
Businessrecovery plan
A
A successful outcome
Source: Marsh
Objective of business continuity management
Time
Leve
l of b
usin
ess
Critical recovery point
Fully tested effective BCM
No BCM –‘lucky’ escape
No BCM –likely outcome
But its not always the big stuff that can impact critical functions…
Other applications
• Identify critical skills and internal dependencies
• Succession planning
• Cross-training opportunities
• Define career development pathways
• Uncover professional development opportunities
What’s been done so far?
• Pre loaded departmental general information into Kuali Ready
• Reviewed CSU’s Pandemic Flu Plans, and put that information into KualiReady. We know that this information is out of date.
• We are working with VTH, External Relations on their plans.
• RMI, Policy, and EHS – Radiation Control – have plans that need to be updated.
• Internal Audit – Central IT (ACNS & IS)
Where we go from here
• New website with useful information, tools, and resources http://rmi.prep.colostate.edu/bcp/buildaplan
• Build your plan in a year approach to creating a BCP
• Each month has it’s own webpage with clear instructions and time estimates
• Remember, you have a resource, the Business Continuity Coordinator is available via phone, email, or in person
Getting Started – The basics
• Gather department information
• Staff basics
• Key skills
• Key People
• Action Items
• http://rmi.prep.colostate.edu/bcp/buildaplan/month1/
Getting started – Define Resources
• Catalog IT Physical Resources• Department owned servers• Backup practices of staff• Key resources: Equipment and supplies• Key resources: Stakeholders• Action items• http://rmi.prep.colostate.edu/bcp/buildaplan/month2/
Getting started – Critical Functions
• Identify your critical functions• Describe those functions• Assign a level of criticality to each function• Peak Periods• Consequences• Action items• http://rmi.prep.colostate.edu/bcp/buildaplan/month3/
So what do we do?
• RMI will be responsible for Kuali Ready training & education
• BUT WE CAN’T BUILD THE PLAN FOR YOU!!! (And you really don’t want us to.)
• We are here to assist & facilitate plan development
To Get Started
• First step: get authentication simply by logging into Kuali Ready with your CSU EID at http://rmi.prep.colostate.edu/bcp/
• Second step: let Angela know that you have requested access to your plan.
970-491-6169 [email protected]
Questions?
Contact Angela!
Angela Gray, Risk Management Assistant & Business Continuity Coordinator
Tel: 970 491 6169
Email [email protected]