Transcript Business Continuity Planning - California State University

Business Continuity Planning
State of the Process Report
May 12, 2008
Executive Order 1014
This executive order delegates to each
president or his/her designee, the
responsibility for implementation and
maintaining an ongoing program on each
campus that ensures the continuity of
essential functions or operations following
or during the recovery phase of a
catastrophic event.
BCP Committee Membership
Representation
•
•
•
•
•
•
•
•
•
•
•
Finance
Legal
Human Resources
Student Health Center
Academic Affairs
Student Affairs
Physical Plant & Facilities
Public Safety
Public Information
Information Technology
Disability Resources
History of BCP @ CSUCI
• Business Continuity Disaster Recovery
Planning Draft – February 2005
• Formation of the Committee – Jan. 2006
• Avian Flu Plan Completion – May 2006
• The CO “Backup Website” – March 2007
• Avian Flu Tabletop Exercise – May 2007
• CSU BCP Group Formation – March 2008
The CSU BCP Group
• First met March 26, 2008
• Participants:
CO, Pomona, Sac, San Marcos, CSUCI, East Bay, Long
Beach, Monterey Bay, San Jose, Fullerton, San
Bernardino, Northridge
• Discuss existing BCP materials
• Share information and ideas
• Explore ways to further collaborate
Activities to date:
– Create Departmental Phone Trees
– Identify Department Critical Functions
– Purchase of A.F. Sanitation Supplies
– Activate Backup Website
– Emergency Information Web Page
– “Preparedness” Educational Flyer
– Infrastructure Project Continuity Planning
– Departmental Risk Assessment & Mitigation
Planning
IT Dept. - Mitigation Summary
Risk
Severity
to CSUCI
Mitigation
Program
Cost
Network Outage (High)
High
•Redundant fiber paths
•Spare switches
IT Infrastructure,
#3,4,5 & 6
Telecommunications (High)
High
Low-Med
•Network Redundancy
•Outsource/hire human skill set
IT Infrastructure,
#11
Data Center (Med)
Med-High
Redundant servers
IT Infrastructure,
#7,8, 9 & 5
Security - Digital (High)
Med-High
Install border security
IT Infrastructure,
#1
Security - Desktop (High)
Med-High
Policy/Procedure changes
User Support, #?
Security - Human (High)
Low-High
Employee training/accountability
Training &
Communications
Human Capital (High)
Low-High
Adequate staffing and funding
Training &
Certifications
Mitigation: IT Strategy Council
•
•
•
•
Identify & prioritize IT needs & wants at CSUCI
Align IT priorities with CSU Mission
Inform IT of emerging issues
Decide what “down time” is OK
$
1 hr . . . 1 week
Downtime
P 42
What’s next:
• Assist business units with individual plans
•
Plans must include:
business impact analysis
designated lines of succession
alternate operating resources (30 days)
communications plans
protection of vital records & databases
testing, training, exercises
Develop baseline capability in each of the eleven
COOP/COG elements
Eleven elements of a COOP/COG program
•
•
•
•
•
•
•
•
•
•
•
Executive summary
Introduction
Purpose & Assumptions
Applicability & Scope
Essential Functions
Authorities & References
Concept of Operations
COOP/COG Planning Responsibilities
Logistics
Test, Training & Exercises
Multi-Year Strategy Program Management Plan &
Budget
• Identify gaps - plan how to address them
• Develop CSUCI MYSPMP
(Multi-Year Strategy Program Management Plan)
A MYSPMP identifies short & long term
goals, objectives, timelines, budgetary
requirements, planning and preparedness
considerations, and planning milestones or
tracking systems to monitor
accomplishments.
“A comprehensive COOP/COG plan
is often the result of layer after
layer of development over time.”
Executive Order 1014