260 likes | 355 Views
Implementing a Continuity Program at an Institution of Higher Education – A Look at Texas A&M University’s Approach to Continuity Planning. Monica Weintraub Texas A&M University. Objectives. Discuss one approach to continuity planning in higher education.
E N D
Implementing a Continuity Program at an Institution of Higher Education – A Look at Texas A&M University’s Approach to Continuity Planning Monica Weintraub Texas A&M University
Objectives Discuss one approach to continuity planning in higher education. Identify lessons learned and discuss special considerations pertaining to higher education.
Background – Mid 2000s • TAC 202.24 – Information Security Standards • “State agencies shall maintain written Business Continuity Plans that address information resources so that the effects of a disaster will be minimized, and the state agency will be able either to maintain or quickly resume mission-critical functions.”
Background – Mid 2000s (continued) • Pandemic Flu (H1N5 Avian Flu) Planning • Focused on workforce reduction • Departments started independent plans • Reoccurring questions • What is the University’s Plan? • How will the University deal with working from home, etc?
Internal Audit - 2008 • Findings • Departments had individual plans • Lacked coordination among plans • Needed a university-wide program to implement and manage continuity planning
Initial Steps • Training • IS-546: COOP Awareness Course • FEMA COOP Program Manager’s Train-the-Trainer Course • Proposal • Defined program elements • Identified implementation strategy/timeline
Define Essential Functions • Critical Infrastructure (CI) – Uninterrupted or resumed within a few hours • A special subset of essential functions with university-wide implications that address: • Emergency Response Services • Utilities, to include electricity, water, and reasonable climate control • Communications with internal and external audiences to include students, faculty, staff and media. • Internet, authentication, and voice communications • Hazardous materials spill response and control, to include safety handling and proper disposal of toxic substances, biologically hazardous materials, and radioactive materials.
Define Essential Functions (continued) • Tier I: 0-12 Hours • Must be restored to minimum level of service within 12 hours of incident • Functions with direct and immediate effect on the jurisdiction to preserve life, safety and protect property • Functions that preserve the University through command and control
Define Essential Functions (continued) • Tier II: 12 hours to Two Weeks • Must reach an operations status within 12 hours to two weeks of activation • Must sustain operations for a minimum of 30 days • Tier III: Two Weeks to 30 Days • Functions that support Tier I and Tier II • Do not need to reach full operation within the first two weeks following an incident
Identify Departments responsible for Critical Infrastructure • Examples • Facilities Services • Information Technology • Environmental Health and Safety • University Police • University EMS • Division of Finance – Payroll, HR, Contracting and Procurement, Controller • Transportation Services
Develop Planning Scenarios • Single or Multiple Facilities Affected • Fire, loss of utilities, explosion, & severe weather • Loss of Personnel • Infectious disease outbreak • Loss of IT or Data • Power outage or equipment failure
Identify the Continuity and Recovery Group • President • Provost and Executive Vice President for Academic Affairs • Vice President for Research • Vice President for Administration • Vice President for Marketing & Communications • Vice President for Finance • Vice President for Information Technology • Vice President for Student Affairs
Brief University Administration • President and Chief of Staff • Provost • Members of the Continuity and Recover Group
Write the Plan • Outlines roles and responsibilities of CRG • Guidance document for university departments
Review and Approval • Sent through chain of command for approval • Signed by the President
Modify Institutional Plan into a Departmental Template • Based off of the Institutional Plan • Includes Excel worksheets for filling out specifics • Essential Functions • Recovery Time Objectives • Responsible Parties • Alternate Facility Requirements • Etc
Create Departmental Workshops • 4-5 hour training • Review the Institutional Plan • Introduce COOP Planning Concepts • Includes activities to walk departments through planning process
Administer Training • 1 workshop a week • Trained critical infrastructure groups together • Next focused on non-academic departments • Asked for draft plans within 60 days of training
Lessons Learned • Set realistic timeframes • University rule or directive • Continuity and Recovery Group Model • Dependency modeling • Provide relatable and scalable examples
Special Considerations • Academics • Research • Essential functions vs. essential departments • Alternate location requirements vs. alternate locations • IT – ownership of services
Questions? Monica Weintraub Phone: 979-821-1041 mweintraub@tamu.edu