business continuity planning in 5 months or less (talk about a deadline)
TRANSCRIPT
Session Agenda
• Business Continuity Planning Process– Prince George’s Community College
• Business Continuity Plan Testing Process– University of Rochester
• Q&A
BCP Agenda
• The Origins of Planning Effort
• Who Plans ?
• Planning Process
• Business Impact Analysis
• Recommendations
• Selling the Plan
Introduction
• Name
• Profession
• Job Roles
• Involvement in Compliance
• Favorite Technology
• Favorite Tool
• Hobbies
Introductions
• Ajay Gupta, CISSP
Director of IT Security Services
Prince George’s Community College
President and CEO
Gsecurity, Inc
Alphabet Soup
• BCP– Primary Systems to Secondary Systems
• DRP– Secondary Systems to Primary Systems
• COOP– Term used most widely in the Government
Best Laid Plans
• Planning for Bad Times– Inconvenient– Inefficient– Costly– Will not Serve all Needs/Users
• We do the Best we Can
The Origins
• BCP included in long term College goals– Early in current President’s term
• Slowly rose up the agenda– 9/11– Proximity to Washington, DC
• ERP– Significant change to College IT and Business
Processes
• Retirement‘What – you don’t have a plan, yet!?!’
The Planning Team
• The Most Critical Step– Qualified People to do the Work– Public Relations – Selling the Plan
• Team must be College Wide – Assigned by highest governing body– Represent all areas – especially the other
governing bodies
• Get College-Wide Support
College Reporting Structure
Board of Trustees
President
VP for StudentServices
VP for Finance &Administration
VP for InstructionVP for Continuing
Education
VP forTechnology
Services
ExecutiveAssistance to the
President
AdministratorsFaculty
Staff
AdministratorsStaff
Adjuncts
AdministratorsStaff
AdministratorsStaff
AdministratorsStaff
AdministratorsStaff
Faculty
College Governance Structure
Board of Trustees
President
Faculty SenateAdministrativeOrganization Staff
Organization
Chair’s Council
Dean’s Council
College-WideForum
President’sCouncil
FacultyFaculty
Administrators
FacultyAdministrators
Staff
College-Wide Involvement
• Support from President / Board– Give Charge
• Involve President’s Council– Appoint all Members
• Senior Representatives of College Organizations
Criteria for Involvement
• Understand College-Wide Processes– Goals, Mission, Vision– Academic Programs– Community Relations– Budget Constraints– Have the Time!!!
The Committee
• Campus Police (1)• Facilities Management (1)• Finance (1)• Media Relations (1)• Faculty (2)• Technology/Data Center (4)• Money $$$ Groups (2)• Health Center• Students
Planning Process
• Understand the Risks– Why is a plan necessary ?– Consequences to not having a plan ? – Resist the “Snow Day” Temptation
• Review Past Disasters/Incidents– At your institution– Neighboring institutions– Hurricane Katrina ?
• Business Impact Analysis
Business Impact Analysis
• Identify the College’s Resources• Identify the Individual Business Units• Identify the Functions of each Unit
– What does the Business Unit Do• Does it Map to our Mission
– How does the Business Unit Do It • Resources
• Create a mapping between Functions and Resources
College Business Groups
• Library• Student Services• Instructional Services (Academic Departments)• Finance and Administration
– Human Resources– Institutional Research
• Alumni Development• Continuing Education • Distance Learning• College-Wide
PGCC Primary Resources
• Personnel
• Campuses / Building / Labs
• Data Center
• Mainframe
• Internet / Network
• Telephone System
Ranking the Resources
• Knock-Down Drag Out Fight ?
• Not so in our Case Given Shared Dependence on Resources – Mainframe (home grown)– Data Center
• On to Creating Recommendations
Recommendations: Process
• Question for Planning Task Force: What do we do if we lose a Single Resource
• Develop Contingency Plan– Around the Table Discussion– Take Notes– Write up Plan– Distribute– Review, Revise
Recommendations: Research
• With Draft Contingency Plan in Hand• How much will it Cost
– Acquisition– Manpower
• Existing Staff• Temporary Staff
– Can we do without it?• How Quickly can the Plan be put in Place
– Take Action Now– Defer to FY08, beyond
• Where are the Holes
Continuing Classes
• Move all Courses to Blackboard• Protects against loss of campuses,
buildings, Data Center, faculty• Costs:
– Additional Blackboard Licensing Fees (take action now)
– Additional Storage Requirement (take action now)
– Additional Faculty Training (recommend for near term, not mandated)
Continuing Classes (2)
• Holes:– Hands-On Courses– Shop Classes– Vocational Courses– Faculty Readiness– Student Readiness
• Retake Class
• Refunds
Internet Connectivity
• Redundant Connection to Internet– Multiple Carriers– Single Carrier with Two+ Networks
• Costs:– May have additional connectivity fees– May be able to leverage local, regional networks
• Holes:– Downstream Considerations– We may have two carriers, but if both carriers run
through the same connection point….
Preserving Ad Hoc Databases
• Databases Maintained by Offices – Off of the Mainframe
• “Should” be Addressed by Conversion to ERP
• Burn all data to CD/DVDs on regular basis
• Holes:– May not Provide Service– Users may not Self Report
Recommendations
• Personnel: – Cross Train
• Part-Time Work Force
– Expand Remote Access
• Campuses/Buildings– Assign Alternate Work Space– Expand Remote Access
• Data Center / Mainframe: – Improve Backup Power, HVAC – Keep in running
• Data Center Replaced in 5 years (Under Design)• Mainframe to be Obsolete in 3 years (ERP)
Recommendations (2)
• Network: – Improve Backup Power
• Telephone: – Cell Phones
• PBX to be replaced in 5 years or sooner
• E-mail: – Outsource E-mail (by Student E-mail
Provider)
Selling the Plan
• Right Team Members Involved– Pick the Team Members Best Suited to
Present to Each Specific Party• Member of Chair’s Council to Present to Chair’s
council• Member of Faculty Senate to Present to Faculty
Senate
Single Voice – Different Message
• Different Message to Different Parties– This is what we have to do to keep the
institution running– This is what we have to do to keep classes
going– This is what we have to do to maintain payroll
Sell Slow
• Received Input from all Parties– Make it seem as if they came up with the
ideas
• Areas of Disagreement:– “That’s something we’ll have to iron out during
testing.”
Thank You
Ajay Gupta, CISSP301-785-4581