Yale University Business Continuity Planning Quick Start Guide

Similar documents
Guide to Business Continuity and Recovery Planning

GUIDE TO CONTINUITY PLANNING

Creating a Business Continuity Plan for your Health Center

CISSP Certified Information Systems Security Professional (CISSP)

Guide to Business Continuity and Recovery Planning

University of Houston Downtown. Continuity of Operations Plan (COOP) Liaison Program

1/8/2015. Learning Objectives. Why have a plan? Emergency Preparedness, Business Continuity, and Disaster Recovery. Can you anticipate the unexpected?

Guide to Campus Continuity Planning

Business Continuity Management Policy and Framework

Advancing your BCP Program

EDINBURGH NAPIER UNIVERSITY BUSINESS CONTINUITY POLICY AND FRAMEWORK

Continuity Planning Made Easy

Department of Environmental Health & Safety Continuity Planning Program Training - Partnership - Compliance. Continuity Planning

Guidelines for creating a Business Impact Analysis (BIA)

Business/Academic Continuity Guidebook UTA Ready

Loyola University Maryland Business Continuity Planning - FAQ

Business Continuity / Disaster Recovery Follow-up

City of Saskatoon Business Continuity Internal Audit Report

Business Continuity Overview

Business Resilience: Equipping the FM for Success

Disaster Recovery Planning

Business Continuity & IT Disaster Recovery

Protecting Information Assets - Unit #9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

2016 Business Continuity / Disaster Recovery Internal Audit Report

Business Continuity Framework

Citizens Property Insurance Corporation Business Continuity Framework

UReady FAQs. 1. How do I access the UReady Continuity Planning tool?

Coastal Equities, Inc.

Guide to Business Continuity and Recovery Planning

EMERGENCY OPERATIONS PLANNING AND CONTINUITY OF OPERATIONS

University Information Technology Services. Business Impact Analysis For {System Name}

Continuity of Operations Planning (COOP)

Observer Information Form. Mission Continuity Tabletop Exercise

Unit 3: Elements of a Viable Continuity Capability

BACK TO BASICS BUSINESS CONTINUITY MANAGEMENT 101. June 11, 2013

How Does Business Continuity Differ from Emergency Preparedness?

Mission Essential Functions

Business Continuity Management and Business Impact Analysis (BIA)

Office of Internal Audit. The University of Texas Southwestern Medical Center Business Continuity/Disaster Recovery. Internal Audit Report 16:32

Audit of Business Continuity Planning (BCP) Audit and Evaluation Branch

Jennie Clinton, Pearce Global Partners May 10 th, 2012

(ISC)2 CISSP EXAM BUNDLE

Federal Continuity Directive 2 (FCD 2) Federal Executive Branch Mission Essential Function and Primary Mission Essential Function Identification and

Staying Disaster-Ready in Treasury

Business Continuity vs. Incident Command

UNIVERSITY OF HOUSTON

DRI CBCP. Certified Business Continuity Professional.

CONTINUITY OF OPERATIONS PLAN

Business Continuity Management An Auditor s Perspective July 25, 2017

Testing and Exercising. Continuity Forum May 17, 2012

Business Continuity Management Policy. Guidance

CPOtracker Template Package

BCM Lite a quick and easy guide to BCM for beginners and/or small businesses

Introduction to BCP and DR Planning

Business Continuity Training and Testing: Narrowing the Gaps

Business Continuity Through Planning, Prevention and Preparedness. READINESS RESOURCES

University of Houston Business Continuity Planning Office of Emergency Management

Business Continuity Planning (BCP) Master Depository. Section 2 : REGULATORY DOCUMENTS. Chapter 1 : CSU requirements

Business Continuity/ Disaster Recovery. Sean Gunasekera

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING. Marci McCloskey, CISA, ABCP Toan Nguyen, CIA, ABCP

Starting a Business Continuity Program? Where do I jump on?

Proven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Are you ready? Is your organization ready for an unexpected emergency? 10/21/2015. Gloria Van Spanckeren Senior Planner

BUSINESS CONTINUITY AS A SERVICE

How to apply the 10 BCP best practices to Treasury

Continuity Planning and Recovery Guide. Laboratories and Research Facilities

Continuity of Operations Plan (COOP) Insert Organization Here

Cambridge Climate Resiliency Tabletop Exercise Business Continuity Coordination. After Action Report April 25, 2018

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

Business Continuity Management and Resilience Framework

UNIT 8: NEXT STEPS. Student Manual. Federal Emergency Management Agency Emergency Management Institute

GOVERNANCE TOOLKIT. Business Continuity Management. Version 1: 1 March 2016 THIS TOOLKIT PROUDLY SUPPORTED BY

CONTINUITY OF GOVERNMENT (COG) and CONTINUITY OF OPERATIONS (COOP)

BUSINESS CONTINUITY MANAGEMENT

Business Continuity Through Planning, Prevention and Preparedness. READINESS RESOURCES

Meet Our Presenter. Equipping You For Success: An ISO Certification Case Study

BUSINESS CONTINUITY A STUDY OF CURRENT PRACTICES. FEBRUARY 2018 Bernard Granka, Vice President Facilities Services

Business Continuity 101. Fairchild Resiliency Systems

Continuity of Operations (COOP) For EMS Agencies

Essential Concepts. For Effective. Business Continuity Planning

Book A : REFERENCE DOCUMENTS

Top 10 Mistakes Made During a Disaster

BUSINESS CONTINUITY PLANNING WORKPROGRAM

Auditing the Corporate Business Continuity Plan. Seth Davis, CIA, CFSA, CPA, CISA, CISSP, CFA, CPCU

5/28/2018. Disaster Recovery Are You Ready. Speaker. Agenda

The Disaster Experience: Putting Business Continuity to the Test

FOUNDATION OF THE PLAN WAS A RISK ANALYSIS. Basic Flaw focus on threat probability instead of potential impact

CONTINUITY OF OPERATIONS (COOP)

Business Continuity Framework v

BCP Methodology Benefits realisation

A Guide to Business Continuity

Business Continuity Planning and Disaster Recovery Planning

Navigating the Intersection of Vendor Management and Business Continuity

Disaster Preparedness Critical Elements of Centurion Business Continuity Planning. Tom Williams Centurion Business Continuity Strategy Manager

Business Continuity and Natural Disaster Resilience: Where Are We Heading? Adopting best practices for weather safety based on new science

Business Continuity & Disaster Recovery

Business Continuity and Disaster Recovery Overview

Keep Your Company Moving After A Disaster With A Business Continuity Plan (BCP)

Transcription:

Yale University Business Continuity Planning Quick Start Guide Introduction A Business Continuity Plan (BCP) (previously referred to as Continuity of Operations Plan or COOP) is a collection of resources, actions, procedures, and information that is developed, tested, and kept ready in the event of a major disruption of operations. It helps prepare departments to continue their essential functions after a disaster or other major disruption. Having a business continuity plan will help minimize the impact on your department, help reduce down-time, and help you return to normal operations as quickly as possible. A business continuity plan is different from an Emergency Response Plan. An emergency response plan tells you what to do immediately before or during an emergency, like what to do if you see a fire, or what to do during a blizzard. A business continuity plan helps you minimize the impact on our business regardless of the incident and helps you return to normal operations as soon as possible. Introduction to Business Continuity Video The Introduction to Business Continuity Planning video provides an excellent overview of how to develop a business continuity plan. It illustrations the planning process, available resources, the creation of a planning team, and much more. Viewing the video and reading this Quick Start Guide are important first steps in developing your business continuity plan. Business Continuity Planning Guide The Guide to Business Continuity and Recovery Planning is available on the Emergency Management website and includes worksheets to help collect and organize information as well as additional planning and preparedness suggestions. The guide, including all of the worksheets, is available as a fillable and printable pdf document. The worksheets are also available individually in MS Word or Excel. Different versions of the guide are available for different audiences. The guide also has an Emergency Response section with information, instructions, and checklists to use in the aftermath of a disaster or major disruption. Business Continuity Software RSA Archer is the Enterprise Governance, Risk and Compliance (egrc) software application used by the University to manage business continuity plans. The application supports the process of documenting essential functions, completing a Business Impact Analysis, and creating the Business Continuity Plan. Archer replaces the COOP application previously used. Selected individuals within each business organization will be granted access to Archer. Contact the Business Continuity Program Manager to arrange Archer access. Department or Organization Planning Team Developing a business continuity plan should not be delegated to just one person. An important factor to successful BC planning is having the right people helping. Designate one person to be the lead business continuity coordinator then form a small planning team to help bring all of the pieces together. You will also want to identify a staff member to be responsible for entering the information into the Archer application. Existing Emergency Procedures Start your business continuity planning by reviewing any existing business continuity plans or emergency procedures. Much of the information you will need for your BC plan may already be part of your existing plans. Business Continuity Planning Quick Start Guide (Sept 2016) Page 1

Overview of Business Continuity Planning There are 4 phases of creating a business continuity plan. Each phase builds on information from the previous phase. The entire process can be completed over a six to eight-week period. The four phases are explained below. Phase One: Determine the Essential Functions and Essential Resources of your department or organization Phase Two: Conduct a Business Impact Analysis (BIA) for each Essential Function Phase Three: Develop Business Continuity Recovery Strategies and Tasks Phase Four: Test / Review your Plan Phase 1: Determine Essential Functions and Essential Resources The first step in BC planning is to identify the essential functions of your department as well as the essential resources needed for each function. Essential functions of your department are those services, programs, or activities that are necessary to your on-going business and would directly affect the success of your department if they were to stop for an extended period of time. Your essential functions will serve as your guide for how to restart your operations following a disaster or major disruption. In general, you should be able to organize your operations into four to six essential functions, more if you are a highly complex department or unit. Along with identifying your essential functions, you will need to identify the essential resources needed by each function. Resources include people, facilities, specialized equipment and supplies, ITS applications and services, and essential vendors. The planning guide includes several useful worksheets to help you organize and document your essential functions and resources. Phase 2: Conduct a Business Impact Analysis for each Essential Function A Business Impact Analysis (BIA) is completed for each essential function to help assess and document potential impacts and negative consequences of a disaster or major disruption on the function. Completing a BIA also helps establish recovery priorities by looking at dependencies, peak periods, harmful consequences, and financial risks. Using a series of multiple choice and fill in the blank questions, the Archer application will produce a BIA Criticality Scorecard for each essential function. The BIA information is entered into the Archer application and submitted to the Business Continuity Manager for review. Department or unit leadership should complete an internal review of the BIA before submitting it for formal review by the BC Manager. Your BIAs must be approved before going onto Phase 3. The planning guide includes a detailed worksheet to help you complete a BIA for each function. Business Continuity Planning Quick Start Guide (Sept 2016) Page 2

Phase 3: Developing Business Continuity Recovery Strategies and Tasks In Phase 3 you will develop and document actions and procedures that will enable your department or organization to maintain or resume operations as quickly as possible following a disaster or major disruption. This will involve developing Recovery Strategies and Recovery Task. Recovery Strategies are the overarching objectives to achieve. They indicate what the department or unit needs to do to return to normal operations. Example: If one of your essential function is managing staff schedules, then the recovery strategy is To continue managing staff schedules. Each recovery strategy is followed by recovery tasks. Tasks are specific actions or activities taken to accomplish the strategy. Recovery tasks serve as checklists that guide your recovery actions and are organized by required resources People, Places, and Things. Tasks also identify the roles or individuals who will be responsible for executing the tasks. The planning guide includes a detailed Recovery Planning Worksheet to help you organize and document your recovery strategies and tasks. Phase 4: Testing and Evaluation Once your business continuity plan is finished, you will want to test it to be sure that your department or unit is familiar with it. One way to test your plan is to conduct a tabletop exercise or walkthrough. Include all of your planning team as well as others in your department or unit who would be involved during and after a disaster or major disruption. Develop a plausible scenario that might impact your department (e.g., fire, sprinkler malfunction) and discuss the actions you would take to maintain or restore your operations under a variety of situations. Compare your discussion with your plan and make any adjustments as needed. Additional information about conducting a tabletop exercise can be found in the Business Continuity section at https://emergency.yale.edu. Additional Business Continuity Planning Considerations The planning guide also includes useful information on other important business continuity topics such as how to avoid possible IT issues, emergency relocations, emergency communications, and personnel preparedness. Review these sections of the guide and incorporate them into your overall plan. Entering Your Plan into Archer Once you have completed the planning guide you will need to enter your plan into the Archer application. Contact the Business Continuity Program Manager at BCManagment@yale.edu for access to the Archer application. Training is available. Submitting Your Plan for Review and Approval After you have completed your plan and entered it into the Archer application, you are ready to submit it for review and approval by the Yale Office of Emergency Management. Before submitting your plan, be sure that your department leadership has thoroughly reviewed the entire plan. Business Continuity Planning Quick Start Guide (Sept 2016) Page 3

Available Training and Support Training is available to support business continuity planning. Information sessions and workshops are scheduled throughout the year in different locations and cover all aspects of developing a BC plan. Recorded versions of the workshops are also available on the Emergency Management website. Introduction to Business Continuity Planning This 60-minute session covers all the aspects of what is involved with creating a BC plan for your department or unit including a review of available resources, expected time commitment, available training and support, and more. Who should attend: Department business continuity or emergency planning coordinators with a good working knowledge of the department. Business Continuity Planning Workshop Series Three 90-minute workshops that cover specific topics related to BC planning. Workshops follow the planning guide and require individual work before and after each workshop. At the completion of three workshops, participants will have a fully executable BC plan for their department or unit. Who should attend: Department business continuity or emergency planning coordinators with a good working knowledge of the department and a commitment to creating an effective BC plan. Workshops: #1: Determining your Essential Functions. Completing a BIA, Determining Essential Resources #2: Developing Recovery Strategies and Recovery Tasks #3: Creating Recovery Teams. Entering your plan into the Archer application Archer Basic Navigation Instructions and Cheat Sheets Basic navigation instructions, training presentations, and Cheat Sheets are available within the Archer application and are also included as part of the planning workshops. Training Options: There are two training option available In-Person and On-Demand. In-Person workshops cover the foundations of BC planning in a small group setting. They follow the planning guide and allow for maximum interaction with the instructor. In-person workshops are recommended for individuals new to BC planning or those who prefer an interactive training program. On-Demand trainings are condensed recorded webinar versions of the in-person workshops. Trainings can be viewed at any time from any computer and use the same training materials as the in-person workshops, but do not include the ability to interact with the instructor. On-demand trainings are recommended for experienced BC planners and those who desire more flexible training options. On-Demand trainings can also be used to supplement the in-person trainings. Additional information and instructions for how to register are available on the business continuity section of http://emergency.yale.edu. Click on the BC Planning Training Options link in the Resources section. Annual Updater and Reviews Business Continuity Plans need to be reviewed and updated on an annual basis. The Archer application will notify plan owners automatically when their plans are due for review. Estimated Time Commitment Developing a quality BC plan for the first time take time and commitment. Expect to spend 4-6 hours developing your initial BC plan. Your actual time will vary depending on the complexity of your department or organization. Business Continuity Planning Quick Start Guide (Sept 2016) Page 4

Helpful Definitions: Business Continuity (BC) is the framework for building resilience and continued operations with little or no interruption, irrespective of the adverse circumstances or events. It involves planning and preparation to ensure that an organization can continue to operate in case of a disaster or major disruption, and is able to recover to an operational state within a reasonably short period. Business Continuity Planning is the process of developing prior arrangements and procedures that enable Yale to respond to an interrupting event in such a manner that critical business functions can continue within planned levels of disruption. The end result of this activity is an effective Business Continuity Plan (BCP). Business Continuity Plan (BCP) is a document which provides guidance and steps for recovery in a specified period of time for a specified function or process. It is written in enough detail so that those required will be able to execute the plan with minimal delay. It is a collection of resources, actions, procedures, and information that is developed, tested, and held in readiness for use in the event of a major disruption of operations. Business Impact Analysis (BIA) is a detailed assessment of the possible consequences of a disruption of an essential function and collects information needed to develop recovery strategies to help quickly resume operations. Critical Functions are those that are necessary to life, health, safety and security of the campus community. These functions must continue at a normal or increased level during an incident. The life, health, safety and security functions will never close and will always require people on campus. Continuity of Operations Plan (COOP) is a planning term previously used to indicate business continuity planning. A COOP is very similar to a BCP in that they are both created to help the organization recover from a disaster, however Business Continuity Planning is used more by businesses or corporations and Continuity of Operations is used more by Federal, State, and Local governments. Disaster Recovery (DR) / Disaster Recovery Plans usually refers to specialized planning for computer and IT systems including plans for restoring critical IT databases, products, services, and equipment. A specialized sub-group of Business Continuity Planning. Essential Functions are services, programs, or activities that are necessary to the on-going business of the University and would directly affect the creation, dissemination and preservation of knowledge if they were to be suspended for an extended period of time. Departmental essential functions are the primary services, programs, or activities that a department preforms. They are the core activities of a department. Stopping them for an extended period of time would directly affect the success of the department Emergency Operations Plan (EOP) is a comprehensive plan developed to ensure appropriate response to and recovery from natural and man-made hazards. Recovery Time Objective (RTO) is the maximum length of time that a specific business function or resource can be unavailable before causing significant disruption of operations. Also referred to as Maximum Allowable Downtime. Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time. It is the maximum age of the files or data in backup storage required to resume normal operations if a network failure occurs. Business Continuity Planning Quick Start Guide (Sept 2016) Page 5

Checklist for Developing a BC Plan! Review BCP Quick Start Guide! Watch the Introduction to Business Continuity Planning video! Download the appropriate planning guide! Designate a lead BC coordinator! Create a Planning Team with several staff from your department or unit! Review any existing Emergency Plans! Attend Introduction to BC Planning"! Sign-up and attend the Business Continuity Planning workshop series"! Review and complete the BC planning guide! Request access to the Archer BC software application! Enter your plan into the Archer application! Submit your plan for review and approval by the Business Continuity Program Manager " Alternately: If you cannot wait until the next series of workshops begin, or prefer more flexible training options, you may view the workshops On-Demand on the Office of Emergency Management website: http://emergency.yale.edu. # For more information, contact the Business Continuity Program Manager at bcmanagement@yale.edu. Business Continuity Planning Quick Start Guide (Sept 2016) Page 6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback