Yale University Business Continuity Planning (BCP) Quick Start Guide

Introduction

Yale University's mission is to create, preserve and disseminate knowledge. Each college, division, and major administrative unit within the University exists in support of this mission. Each area performs functions that are essential to the ongoing success of the mission. A Business Continuity Plan (previously referred to as Continuity of Operations Planning or COOP) focuses on these essential functions. It is a collection of resources, actions, procedures, and information that is developed, tested, and held in readiness for use in the event of a major disruption of operations.

Business Continuity Planning helps prepare Yale University units to maintain mission-critical operations after any emergency or disaster. Department heads are responsible for ensuring that their units have Business Continuity Plans in place, and that all persons, including faculty, staff, and students, are familiar with the plan.

Your BCP is an adjunct to the University Business Continuity Plan. Together they provide the overall Business Continuity Management for the entire campus.

Overview: Developing a Business Continuity Plan

There are 4 phases of creating a Business Continuity Plan. The entire process should be completed over an 8 to 10 week period.

Phase One: Determine the Essential Functions of your department or organization.
Phase Two: Conduct a Business Impact Analysis (BIA) for each Essential Function.
Phase Three: Develop a Business Continuity Plan based on your Essential Functions and BIA.
Phase Four: Test your Plan.

RSA Archer Program is the Enterprise Governance, Risk and Compliance (eGRC) software that will be used to develop, store and execute your business continuity plans. The application will walk you through the process of adding essential functions, completing a Business Impact Analysis to determine the criticality of the essential function, and creating the Business Continuity Plan.
The Archer application is also being used by ITS for their Disaster Recovery Planning program. Archer will replace the COOP application previously used. Business Continuity Planning Quick Start Guide (v 2 June 2014) Page 1
Selected individuals within each business organization will be granted access to Archer. Please contact the Business Continuity Program Manager to arrange Archer access for your staff. Training for the Archer program will be provided as well as helpful Cheat Sheets.

Accessing Archer

Go to the Yale Emergency Management web page (http://emergency.yale.edu/)
  - Click on "Develop a Plan" on top ribbon
  - On the "Develop a Plan" page, click on "Business Continuity Planning (BCP)"
  - Scroll down to "Where do I go from here?" and click on "Go to Archer BCP Application"

Enter your Yale credentials to access the system
  - Click on the "BCP Owner Home" tab in the upper left side of the screen. This will take you to your individual Business Continuity Owner Portal Landing Page.

Business Continuity Owner Portal Landing Page

Provides a variety of overview information detailing your role in the Business Continuity process. Quick Links and Reference Info are also on the Landing Page / Owner Portal.

Overview of BC Planning Phases

Phase 1: Determine Essential Functions of Your Operation

Essential Functions are actions and activities that are necessary to the on-going business of the university, which do not have a manual workaround, and would directly affect the creation, dissemination and preservation of knowledge if they were to stop for an extended period of time.

To determine the essential functions of your organization, think of your Mission and Purpose. What is it you do for the university? Then break down your mission into a list of the 6-8 essential activities / functions that you do in order to meet your mission.

If you have difficulty limiting your essential functions to less than 10 for your entire department or unit, you may want to identify smaller work groups, then determine the essential functions for each of those units. Example: Facilities might consider creating separate workgroups for Plant Operations, Grounds, and Facilities Services.
Once you have identified your essential functions, you will enter them in the Archer application. An Essential Functions Cheat Sheet is available on the Business Continuity Reference Info section on Archer. The Cheat Sheet provides step-by-step instructions for entering your essential functions.

** Things you will need:
- Knowledge of all IT software applications used by your organization
- Knowledge of all IT Products and Services used by your organization
- Knowledge of all Non-IT Devices / Equipment used by your organization
- Knowledge of all facilities associated with your organization
Phase 2: Conduct a Business Impact Analysis for each Essential Function

The purpose of the business impact analysis (BIA) is to assess the criticality of your essential functions. The BIA will help you prioritize your essential functions and therefore help focus resources needed for recovery following a disaster.

A BIA is completed by using the Archer program to record and analyze the dependencies, consequences, peak periods, and financial impact of each essential function. Using a series of multiple-choice and fill-in-the-blank questions, Archer will produce a BIA Criticality Scorecard for each essential function.

Once all fields within the BIA Overview and Assessments sections have been answered, and the BIA Criticality Scorecard has been reviewed by your department, the BIA is submitted to the Business Continuity Program Manager for review and approval. Remember to complete an internal review of the BIA before submitting it for formal review by the BC Manager. Your BIAs must be approved before going on to Phase 3.

A Business Impact Analysis Cheat Sheet is available on the Business Continuity Reference Info section on Archer. The Cheat Sheet provides step-by-step instructions for completing the BIA.

Phase 3: Complete a Business Continuity Plan

In Phase 3 you will develop detailed procedures that will enable your organization to return to performing its essential functions after a major disaster. It is important to remember that a Business Continuity Plan is not the same as your emergency response plan. It is not a list of actions to take during a disaster, but rather a detailed list of actions and supporting documentation to help you recover afterwards. For example: having specifications and vendor information for specialized research equipment in the event your building is damaged or destroyed. The BCP is also where you identify potential alternate work locations to use if you need to relocate following a disaster.
There are four core components of the BCP:
- Plan Overview
- Recovery Strategies and Tasks
- Activation Strategy
- Plan Submission/Approval

The bulk of Phase 3 will be spent developing Recovery Strategies and Tasks. Recovery Strategies are high-level descriptions of what needs to be done as well as the staff needed to ensure the recovery of each essential function. There may be multiple strategies for each essential function. Each strategy is further broken down by a number of Recovery Tasks which outline key action items that need to be completed for each strategy. Tasks also identify the roles/individuals who will be responsible for executing the tasks. Recovery Tasks are intended to be your checklist when activating your plan.

A Business Continuity Plan Cheat Sheet is available on the Business Continuity Reference Info section on Archer. The Cheat Sheet provides additional information about creating and submitting your final Business Continuity Plan.
Submitting your BCP for Review

The final step in Phase 3 is to submit your plan for review and approval by the Office of Emergency Management. Before submitting your plan for formal review, be sure that your department leadership has thoroughly and methodically reviewed the entire plan. One suggestion is to print the finished Plan, including Attachments, and review it for completeness. After a full internal review, submit the plan using the Plan Submission/Approval tab in Archer. Once you submit your plan it will become Read Only and you will not be able to make any changes or edits.

Note: The Business Continuity Program Manager can unlock your plan if you need to make any changes later.

Phase 4: Testing and Evaluation

After your plan is submitted, the Business Continuity Program Manager will review it for completeness and will be in touch to schedule a follow-up meeting. The review process will help fine-tune your plan and set the stage for a Tabletop Exercise to help test the plan. The exercise will evaluate the effectiveness of the plan and help gain insight into areas of the plan that may require additional attention.

The Business Continuity Program Manager will work with you to create a tabletop exercise specifically tailored to your department. Results of the exercise, along with dates for the next plan review and test, will be tracked in Archer. Most of the test documentation tracked in Archer will be completed by the Business Continuity Program Manager.

Annual Updates and Reviews

Business Continuity Plans need to be reviewed and updated on an annual basis. The Business Continuity Program Manager will contact each Department annually to schedule the annual review.

Additional Resources

The following resources are available on the Business Continuity Reference Info section on Archer.
- Cheat Sheets (Essential Functions, BIA, BCP)
- Archer training PowerPoint presentation
- Archer Navigation Helpful Hints
Helpful Definitions:

Business Continuity (BC) is the framework for building resilience and continued operations with little or no interruption, irrespective of the adverse circumstances or events.

Business Continuity Planning is the process of developing prior arrangements and procedures that enable Yale to respond to an interrupting event in such a manner that critical business functions can continue within planned levels of disruption. The end result of this activity is an effective Business Continuity Plan (BCP).

Business Continuity Plan (BCP) is a document which provides guidance and steps for recovery in a specified period of time for a specified function or process. It is written in enough detail so that those required will be able to execute the plan with minimal delay. It is a collection of resources, actions, procedures, and information that is developed, tested, and held in readiness for use in the event of a major disruption of operations.

Business Impact Analysis (BIA) is a detailed assessment of the possible consequences of a disruption of an essential function and collects information needed to develop recovery strategies to help quickly resume operations.

Critical Functions are those that are necessary to life, health, safety and security of the campus community. These functions must continue at a normal or increased level during an incident. The life, health, safety and security functions will never close and will always require people on campus.

Continuity of Operations Plan (COOP) is a planning term previously used to indicate business continuity planning. A COOP is very similar to a BCP in that they are both created to help the organization recover from a disaster; however, Business Continuity Planning is used more by businesses or corporations and Continuity of Operations is used more by Federal, State, and Local governments.
Disaster Recovery (DR) / Disaster Recovery Plans usually refers to specialized planning for computer and IT systems including plans for restoring critical IT databases, products, services, and equipment. A specialized sub-group of Business Continuity Planning.

Essential Functions are necessary to the on-going business of the university, which do not have a manual workaround, and would directly affect the creation, dissemination and preservation of knowledge. Essential functions encompass those critical areas of business that must continue even in the event of an emergency. In other words, they are those functions that must be performed to achieve the organization's mission.

Emergency Operations Plan (EOP) is a comprehensive plan developed to ensure appropriate response to and recovery from natural and man-made hazards.

Recovery Time Objective (RTO) is the maximum length of time that can elapse before the lack of a specific business function negatively impacts the organization.

Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time. It is the age of the files or data in backup storage required to resume normal operations if a network failure occurs.

Recovery Time Capability (RTC): The actual validated time it will take to recover specific data and other aspects of business operations.