1 / 39

CAUBO Annual Meeting Winnipeg, Manitoba June 16, 2008 Concurrent Session

CAUBO Annual Meeting Winnipeg, Manitoba June 16, 2008 Concurrent Session Business Continuity and IT Disaster Recovery: Ensuring an Integrated Approach. Overview of Presenters. Gerry Miller University of Manitoba Philip Stack Associate Vice President Risk Management Services

naida
Download Presentation

CAUBO Annual Meeting Winnipeg, Manitoba June 16, 2008 Concurrent Session

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CAUBO Annual Meeting Winnipeg, Manitoba June 16, 2008 Concurrent Session Business Continuity and IT Disaster Recovery: Ensuring an Integrated Approach

  2. Overview of Presenters Gerry Miller University of Manitoba Philip Stack Associate Vice President Risk Management Services University of Alberta

  3. Presentation Outline Part 1 Overview of Integrated Emergency Management Part 2 IT Disaster Recovery

  4. “An emergency will occur at some point in the history of the university. Never assume it only happens to someone else.” (1999 Harrell, G. North Carolina Hurricane)___________________________________________ Radiation Leak Stuns AdministratorsUniversity authorities didn’t even know the dangers, says prof Another Campus ShootingUniversity mourns. President under fire for lack of preparation “The Whole Place is Underwater!”Teaching, research completely halted by rising floodwaters

  5. Unexpected Unscheduled Unplanned Unprecedented Definitely Unpleasant “It’s not a matter of whether a disaster or emergency scenario will confront a campus but when. I have confronted numerous emergency situations requiring rapid decisions, such as several campus evacuations and extended closures that threatened the institution’s academic program. Dealing with the long-term trauma people faced was a humbling and daunting experience. “Our decision to create comprehensive plans and to continually monitor and update these plans has proved to be one of the best uses of our time and resources.” John Cavanaugh, President University of West Florida An Emergency at the University/College 5

  6. Why Worry about Emergency Management? 1/2 • Society’s Tolerance - more informed, wiser society not willing to accept uncertainty as in the past. • Institutional Accountability – to the Community, the Board, Government, to Us. New legislation closes gaps for corporate immunity e.g. the directing mind. • Legal Risk - an act or lack of an act could land the University in court and someone potentially with a record. The trend to hold the University responsible for failing to take reasonable steps to prevent a crisis. Or, for failing to be adequately prepared to manage a crisis situation. Making emergency preparedness a priority may require building crisis management into job descriptions, personnel evaluations and audits. - Poland (1994) 6

  7. Why Worry About Emergency Management? 2/2 • Reputation - Potential damage to the University’s reputation, and, just as important, damage to your own reputation. • Fragile - The systems may be overloaded and the infrastructure easily broken. Large interdependencies can result in disastrous failures e.g. power outage in eastern Canada and USA, failure of the IT system, failure of communications. • Educational institutions - are not exempt from regulations e.g. WH&S/OH&S and the need to provide a safe environment. They may be different in inherent risks and operational risks – but they are still accountable. “The key to risk management is delivering risk information, in a timely and succinct fashion, while assuring that key decision makers have the time, the tools, and the incentive to act upon it…it follows that the biggest single responsibility of the risk management function is intelligent communication”. Kloman, Felix. (Risk Management Reports, 2001) 7

  8. What are we trying to achieve? • Integrated Emergency Management Program • Involvement of Faculties, Departments and Planning • Business Continuity including Pandemic readiness • Enhancing Emergency Preparedness and Management components

  9. The Goal • Increase readiness • Building capacity and reliability • University wide approach • Systems, adaptable and flexible • Emergency management principles • Strengthen practices and decision making • Protect the core businesses Prevention-Mitigation Preparedness Recovery Response

  10. When The Wheels Come Off ! CRISIS Level 1 Initial Emergency Response Faculty/Department Action Level 2 or 3 EOC Activation CMT Activation Faculty/Department Unit Action Plan Assessment Recovery Restoration Resumption Continuity Prevention Plans Preparedness Training Disaster/ Major Emergency/ Outage Normal Operations IEMP COMMUNICATION PLAN Internal and External Stakeholders

  11. Layered Planning and Interoperability University’s Integrated Emergency Management Program University of Alberta Crisis Communications Plan University of Alberta Emergency Master Plan Faculty/Department Action Plan Health Authorities Emergency Response Departments Government Agencies Department/Unit Action Plan

  12. Emergency Master Plan & Faculty/Department Action Plans. Appendix Administration and Maintenance Risk, Prevention, Preparedness Post Incident Measures Crisis Communication Plan and Teams Supporting:Preparedness, Response, Recovery andResumption - University wide Resources and Forms Emergency Contacts - In/Ex Action Plans: Response, Recovery, Res. Loss of Critical vendor Roles, Responsibilities, Checklists Loss of IT, Communications Loss of Utilities Incident Command System and SOPs Business Continuity Planning Activation and Notification, Operation Loss of People Capacity Loss of Equipment/Vehicles General, Introduction, Policy, Overview Incident Command System Loss of Facility/ Office/Workspace U of A Integrated Emergency Management Program Contingency Plans, Alternative Measures, Mitigation and Protection Business Continuity -Action Plans

  13. How do you get there? Business Continuity to Action Plans Phased Development: • Analysis • Alternate Measures, Solutions and Strategies 3. Implementation (Faculty/Department: Emergency Operations Plan/Action Plan) 4. Maintenance

  14. Planning For A Catastrophe Is Positive Thinking. Not Thinking Is A Disaster! Business Impact Analysis • Critical business services • Work flows • Maximum acceptable downtime • Vital records and documents • Priorities for recovery and resumption • Interdependencies Caring, Protecting, Responsible

  15. How to Recover Lost Business Services and Functions Scenario Planning • Loss of access • Loss of utility • Loss of facility • Loss of people • Loss of IT and or Telecommunications • Loss of critical vendor Caring, Protecting, Responsible

  16. University and Risks Risk of fire, flood, tornado: Water, structural damage Risk of crime, disorder, terrorism: Theft, bomb threat, work place violence, civil disturbance, hostage, shooter, fraud Public Health Emergency: avian pandemic, meningitis Risk to utilities: High temperatures, High or low humidity Risk to environment: Mold and mildew, pests,asbestos Risk of hazards on roads Human error IT risks Financial Risks Regulatory Risks Reputation Risk You are in the Risk Management Business!

  17. Risk Does Not Respect Boundaries! Potential Consequences • Health, safety and security • Injuries or loss of life • Animal care • Specimens, data, vital records • Legal • Regulatory • Financial • Infrastructure • Reputation • Loss of students • Loss of Faculty and Staff • Loss of collections • Loss of valuable documents • Morale

  18. What can go wrong? How likely is it? What are the consequences? Natural Technical Man-Made Risk: Source: Natural Disaster/ Probability Severity Risk Level Priority Man-Made Emergency Remote Catastrophic Medium 3 Fire Occasional Catastrophic High 2 Flood Probable Critical High 1 Major Power Outage Improbable Critical Low 4 Bomb Threat Risk Analysis Tool Caring, Protecting, Responsible

  19. U of A Integrated Emergency Management Program Crisis Communications Plan U of A PHR Strategy U of A Emergency Master Plan Analysis and Action Plans Facilities and Operations Essential Services Faculties Research Administration Power Animal care Teaching Campus Security Human Resources IT and Records Heat EH&S Labs Planning Water Staff Staff Finance Residence Services Grounds Payroll Communications IT Sponsors Buildings Operations Communications Redeployment Response Perishables

  20. Integrated Emergency Management Program - Model Ready, Resilient and Robust University Functions, Services, Systems and Processes Risk Management Culture Leadership and Commitment

  21. Incident Command System – The Building Blocks Command Command Staff General Staff Doers Getters Payers Thinkers First Responders 21

  22. Sample Emergency Operations Centre University President University Emergency Policy Group: VPs and General Counsel EOC Director EOC Coordinator Liaison Officer: Internal/External Public Information Officer Liaison Officer Faculty and Deans Deputy EOC Director Operations Section Chief Logistics Section Chief Planning and Intelligence Section Chief Finance & Administration Section Chief Registrar HR IT & Telecomm Supply Management Documentation Unit leader Resource Tracking Financial Services Financial Services Public Safety Facilities Management Facilities Management Capital Projects Demobilization Situation Status Contracts Risk Mgnt & Insurance Student/Residents Services 22

  23. Emergencies prompt a change in management style From Consultative to Commandand Control Management Style During an Emergency at a University “You’ve got to take stock of the damage and how you’ll recover from it. You’ve also got to take stock of your human resources, who’s available and what’s their work capacity. Remember that damage isn’t just physical. Take stock of outside resources. Who can help? The big thing: Take control. As president, as a CIO, you’re in the best position to look out for your own institution. Don’t rely upon FEMA (Emergency Management Alberta, Public Safety Canada ). Don’t rely upon the government. Don’t rely upon the state (province). Take control of the situation.” John Lawson, VP Information Technology and CIO, Tulane 23

  24. In Summary • Leadership commitment • Integrated approach • Build a risk culture • Train and exercise

  25. Here‘s why we need to be ready for emergencies...

  26. Seventh place...

  27. Sixth place... 6th place

  28. 5th place Fifth place...

  29. 4th place Fourth place...

  30. 3rd place Third place...

  31. 2nd place Second place...

  32. And the WINNER is...

More Related