FORDHAM UNIVERSITY THE JESUIT UNIVERSITY OF NEW YORK
Calvin Graham
IT Risk Analyst
Business Continuity
Planning (BCP)
Business Continuity Planning (BCP)
How to preserve critical business functions in the face of a
disaster.
Fordham IT Risk & Integrity 2
Disasters Do Happen to Us!
Fordham IT Risk & Integrity 3
Disasters Do Happen to Us!
Fordham IT Risk & Integrity 4
Disasters Do Happen to Us!
Fordham IT Risk & Integrity 5
Disasters Do Happen to Us!
Fordham IT Risk & Integrity 6
Disasters Do Happen to Us!
Fordham IT Risk & Integrity 7
Disasters Do Happen to Us!
Fordham IT Risk & Integrity 8
Disasters Do Happen to Us!
Fordham IT 9
The BCP domain addresses:
Continuation of critical business processes when a disaster destroys business processing capabilities
Preparation, testing and maintenance of specific actions to recover normal processing (the BCP)
Fordham IT Risk & Integrity 10
Fordham IT Risk & Integrity 11
Disasters – natural, man-made
Fire, snow, flood, hurricane, tornado, earthquake, volcanoes
Plane crashes, vandalism, terrorism, riots, sabotage, loss of
personnel, etc.
Anything that diminishes or destroys normal business
processing capabilities
Fordham IT Risk & Integrity 12
Disasters are defined in terms of the
business
If it harms critical business processes, it may be a disaster Time-based definition – how long can the business stand the pain? Probability of occurrence
Fordham IT Risk & Integrity 13
Broad BCP objectives - CIA
Confidentiality – still important
Integrity – still important
Availability – the main focus
BCP objectives
Create, document, test, and update a plan that will:
• Allow timely recovery of critical business operations
• Minimize loss
• Meet legal and regulatory requirements
Fordham IT Risk & Integrity 14
Scope of BCP
Used to be just the data center
Now includes:
• Distributed operations (Westchester / Lincoln Center)
• Personnel, networks, power
• All aspects of the IT environment
• Business Units / Departments
Fordham IT Risk & Integrity 15
Creating a BCP
Is an on-going process, not a project with a beginning and an end
• Creating, testing, maintaining, and updating
• “Critical” business functions may evolve
The BCP team must include both business and IT personnel
Requires the support of senior management
Fordham IT Risk & Integrity 16
The five BCP phases
Project management & initiation
Business Impact Analysis (BIA)
Recovery strategies
Plan design & development
Testing, maintenance, awareness, training
Fordham IT Risk & Integrity 17
Just a Brief Look Back @ Sandy & The
Winter Storm
What did we learn?
• Communications plans are key.
• Prepare your homes & family.
• The University has an Emergency Management Plan & Team.
• Ensure your contact data in Banner is up to date.
• Including cellphones.
Fordham IT Risk & Integrity 18
Communications
Ensure that you and your staff have the Fordham University
emergency phone number.
“Like” the Fordham University Facebook Page.
If you twitter, follow Fordham University; @fordhamnotes
Fordham IT Risk & Integrity 19
Personal Preparedness
Make a family plan.
Utilize public information sites.
• Red Cross
• Safe & Well Website (www.redcross.org/prepare/location/home-family)
• CDC
• Emergency & Preparedness & Response
(www.emergency.cdc.gov/preparedness)
• FEMA
• Prepare. Plan. Stay Informed. (www.ready.gov/make-a-plan)
Fordham IT Risk & Integrity 20
Fordham University’s Emergency
Management Plan
The University’s EMP is lead by John Carroll, Associate Vice
President for Safety and Security.
Fordham University’s response to all emergencies and crisis
response falls under the direction of the Associate Vice
President for Safety and Security.
A copy of the EMP is located in each BCP Plan hosted on CPO-
Tracker.
Fordham IT Risk & Integrity 21
Contact Data
It is critical that your Fordham University contact data is up to
date.
Review it at least quarterly.
Located on the My Information channel within the Portal.
Fordham IT Risk & Integrity 22
What Should Be in Your BCP ?
Document internal key personnel and backups
Identify who can telecommute.
Document external contacts.
Document critical equipment.
Identify critical documents
Fordham IT Risk & Integrity 23
What Should Be in Your BCP ?
Identify your contingency location.
Make a "How-to".
Put the information together!
Communicate.
Fordham IT Risk & Integrity 24
What Should I do with My BCP
Test It!
Plan to change the plan.
Review and revise.
Fordham IT Risk & Integrity 25
What Is Fordham IT Doing to Help You?
Dedicated DR Coordinator – Calvin Graham
Provide Training (CPO Tracker)
Provide Consulting
Fordham IT Risk & Integrity 26
Next Steps
Review your current BCP.
If you don’t have one, reach out to Calvin Graham
• 718-817-0703 or [email protected]
Setup a training / information session to get started.
Fordham IT Risk & Integrity 27