Monica Weintraub Texas A&M University
-
Upload
kirestin-reese -
Category
Documents
-
view
32 -
download
0
description
Transcript of Monica Weintraub Texas A&M University
1
Implementing a Continuity Program at an Institution of Higher Education – A Look at Texas A&M University’s Approach to Continuity Planning
Monica Weintraub
Texas A&M University
2Objectives
• Discuss one approach to continuity planning in higher education.
• Identify lessons learned and discuss special considerations pertaining to higher education.
3Background – Mid 2000s
• TAC 202.24 – Information Security Standards• “State agencies shall maintain written Business
Continuity Plans that address information resources so that the effects of a disaster will be minimized, and the state agency will be able either to maintain or quickly resume mission-critical functions.”
4Background – Mid 2000s (continued)
• Pandemic Flu (H1N5 Avian Flu) Planning• Focused on workforce reduction• Departments started independent plans• Reoccurring questions
• What is the University’s Plan?• How will the University deal with working from
home, etc?
5Internal Audit - 2008
• Findings• Departments had individual plans• Lacked coordination among plans• Needed a university-wide program to
implement and manage continuity planning
6Initial Steps
• Training • IS-546: COOP Awareness Course• FEMA COOP Program Manager’s Train-the-
Trainer Course
• Proposal• Defined program elements• Identified implementation strategy/timeline
7
Create Continuity Framework
8Define Essential Functions
• Critical Infrastructure (CI) – Uninterrupted or resumed within a few hours• A special subset of essential functions with university-
wide implications that address:• Emergency Response Services• Utilities, to include electricity, water, and reasonable climate
control • Communications with internal and external audiences to
include students, faculty, staff and media. • Internet, authentication, and voice communications• Hazardous materials spill response and control, to include
safety handling and proper disposal of toxic substances, biologically hazardous materials, and radioactive materials.
9Define Essential Functions (continued)
• Tier I: 0-12 Hours• Must be restored to minimum level of service
within 12 hours of incident• Functions with direct and immediate effect on
the jurisdiction to preserve life, safety and protect property
• Functions that preserve the University through command and control
10Define Essential Functions (continued)
• Tier II: 12 hours to Two Weeks• Must reach an operations status within 12
hours to two weeks of activation• Must sustain operations for a minimum of 30
days
• Tier III: Two Weeks to 30 Days• Functions that support Tier I and Tier II • Do not need to reach full operation within the
first two weeks following an incident
11
Identify Departments responsible for Critical Infrastructure
• Examples• Facilities Services• Information Technology• Environmental Health and Safety• University Police• University EMS• Division of Finance – Payroll, HR, Contracting
and Procurement, Controller• Transportation Services
12Develop Planning Scenarios
• Single or Multiple Facilities Affected• Fire, loss of utilities, explosion, & severe weather
• Loss of Personnel• Infectious disease outbreak
• Loss of IT or Data• Power outage or equipment failure
13
Identify the Continuity and Recovery Group
• President• Provost and Executive Vice President for Academic
Affairs• Vice President for Research• Vice President for Administration• Vice President for Marketing & Communications• Vice President for Finance• Vice President for Information Technology• Vice President for Student Affairs
14Brief University Administration
• President and Chief of Staff
• Provost
• Members of the Continuity and Recover Group
15
Develop the Institutional Plan
16Write the Plan
• Outlines roles and responsibilities of CRG
• Guidance document for university departments
17Review and Approval
• Sent through chain of command for approval
• Signed by the President
18
Develop the Departmental Plans
19
Modify Institutional Plan into a Departmental Template
• Based off of the Institutional Plan
• Includes Excel worksheets for filling out specifics• Essential Functions• Recovery Time Objectives• Responsible Parties• Alternate Facility Requirements• Etc
20Create Departmental Workshops
• 4-5 hour training
• Review the Institutional Plan
• Introduce COOP Planning Concepts
• Includes activities to walk departments through planning process
21Administer Training
• 1 workshop a week
• Trained critical infrastructure groups together
• Next focused on non-academic departments
• Asked for draft plans within 60 days of training
22
Review Plans / Program Improvement
23
Lessons Learned / Special Considerations
24Lessons Learned
• Set realistic timeframes
• University rule or directive
• Continuity and Recovery Group Model
• Dependency modeling
• Provide relatable and scalable examples
25Special Considerations
• Academics
• Research
• Essential functions vs. essential departments
• Alternate location requirements vs. alternate locations
• IT – ownership of services