business continuity planning - risk management …...presenters sally alexander, director & cro...

Business Continuity Planning

PDI – January 14th, 2018

Presenters

Sally Alexander, Director & CRO Office of Risk Management & Insurance

Tel: 970 491 7726

Email sally.alexander@colostate.edu

Angela Gray, Risk Management Assistant & Business Continuity Coordinator

Tel: 970 491

Email angela.gray@colostate.edu

Agenda

• What is business continuity planning?

• How is it related to CSU’s Strategic Plan?

• How is it related to emergency response planning, and disaster recovery?

• Why is business continuity important?

• What has been done to date?

• Future plans described

“

”We want to be able to do tomorrow what we were doing

yesterday no matter what happens today

Paul Dimond, UC Berkley

What is Business Continuity Planning?

• Continuity planning is a process that helps:• Identify the essential business functions that support your mission• Assess the potential impact of disruption to those functions• Develop strategies to continue or quickly resume those functions

when faced with adverse events• Evaluate the effectiveness of plans during simulated and actual events

Business Continuity Planning

• Business continuity planning strengthens integrated strategic planning.

Credit: Kuali Ready

Strategic Plan

Mission Driven Goals

Emergency Response

Event Driven Response

Disaster Recovery

Technology Driven Response

Continuity Plans

Time Driven Response

Strategic PlanMission Driven Goals

Continuity PlansTime Driven Response

Emergency Response

Event Driven Response

Fire, Earthquake,Health Epidemic

Disaster Recovery

Technology Driven Response

Data Breach, Virus,Network Failure

Continue or quickly resume essential functions

when faced with adverse

events.

Credit: Kuali Ready

Why important?

CSU’s Strategic Plan

• Goal 4: Research and Discovery• “Protect research infrastructure, highly protected research assets through risk

management best practices- research loss control, flood mitigation, engineering loss controls, monitoring of low temperature freezers, fire suppression & monitoring systems, business continuity planning” (emphasis added)

• Goal 9: Financial Resources • Institutional risk management – “Prudent institutional risk management is evidenced by

identifying, managing and controlling risks and planning for recovery and business continuity” (emphasis added)

CSU’s Strategic Plan

• Goal 10: Physical Resources • Enhanced facilities infrastructure for the place to work and learn - “Security and risk control

for highly protected assets (flood mitigation, engineering loss controls, fire suppression & monitoring systems, freezers); business continuity planning; building and asset security ” (emphasis added)

• Goal 11: Information Management • Provide efficient, effective & robust IT systems in ACNS to enhance uptime and availability

of critical central services as well as departmental services housed in the ACNS Cloud• Provide a secure, protected IT environment to support sensitive data & to ensure

compliance with Payment Card Industry (PCI) requirements. (Note: Business Continuity planning is a PCI requirement.)

Why we need to plan…

“

”He who fails to plan is planning to fail

Winston Churchill

Source: Marsh

The business continuity planEmergency response plan

Activ

ity

Crisis management/communication plan

Businessrecovery plan

A

A successful outcome

Source: Marsh

Objective of business continuity management

Time

Leve

l of b

usin

ess

Critical recovery point

Fully tested effective BCM

No BCM –‘lucky’ escape

No BCM –likely outcome

But its not always the big stuff that can impact critical functions…

Other applications

• Identify critical skills and internal dependencies

• Succession planning

• Cross-training opportunities

• Define career development pathways

• Uncover professional development opportunities

What’s been done so far?

• Pre loaded departmental general information into Kuali Ready

• Reviewed CSU’s Pandemic Flu Plans, and put that information into KualiReady. We know that this information is out of date.

• We are working with VTH, External Relations on their plans.

• RMI, Policy, and EHS – Radiation Control – have plans that need to be updated.

• Internal Audit – Central IT (ACNS & IS)

Where we go from here

• New website with useful information, tools, and resources http://rmi.prep.colostate.edu/bcp/buildaplan

• Build your plan in a year approach to creating a BCP

• Each month has it’s own webpage with clear instructions and time estimates

• Remember, you have a resource, the Business Continuity Coordinator is available via phone, email, or in person

Getting Started – The basics

• Gather department information

• Staff basics

• Key skills

• Key People

• Action Items

• http://rmi.prep.colostate.edu/bcp/buildaplan/month1/

Getting started – Define Resources

• Catalog IT Physical Resources• Department owned servers• Backup practices of staff• Key resources: Equipment and supplies• Key resources: Stakeholders• Action items• http://rmi.prep.colostate.edu/bcp/buildaplan/month2/

Getting started – Critical Functions

• Identify your critical functions• Describe those functions• Assign a level of criticality to each function• Peak Periods• Consequences• Action items• http://rmi.prep.colostate.edu/bcp/buildaplan/month3/

So what do we do?

• RMI will be responsible for Kuali Ready training & education

• BUT WE CAN’T BUILD THE PLAN FOR YOU!!! (And you really don’t want us to.)

• We are here to assist & facilitate plan development

To Get Started

• First step: get authentication simply by logging into Kuali Ready with your CSU EID at http://rmi.prep.colostate.edu/bcp/

• Second step: let Angela know that you have requested access to your plan.

970-491-6169 Angela.Gray@colostate.edu

Questions?

Contact Angela!

Angela Gray, Risk Management Assistant & Business Continuity Coordinator

Tel: 970 491 6169

Email angela.gray@colostate.edu