Home : Operational : Health and Safety

Each Operating Unit Manager must determine which of the unit's processes or applications are mission critical.

Each Operating Unit Manager along with their designated Operational Continuity Coordinator must develop an Operational Continuity Plan that defines the steps necessary to resume mission critical activities in the event of an interruption. They must also develop the procedures for performing these activities. Any plans or procedures must take into account the possibility that a University-wide disaster may affect multiple units. If any Operating Unit depends on suppliers, other Operating Units or Service Bureaus to provide its critical functions, those suppliers or units must also have a continuity plan. Copies of back-up agreements between Operating Units must also be included in the plan, as must agreements with non-University based Service Bureaus and suppliers.

In the event that limited resources and alternatives require that the priority for the recovery of one Operating Unit be ranked against another unit, the determination of this priority will be made by the Board of Regents.

For each of the mission critical processes or applications identified, incorporate the following into the Operational Continuity plan:

Mission Critical Processes or Applications
Identify processes or applications which fall into any of the following categories:

• Safety and Security
• Learning, Education and Research
• Business Support Services

Risks/Hazard Analysis
Identify risks and/or hazards that might reasonably pose a threat to the Operating Unit's ability to function. Identify existing and / or easily implemented controls to avoid these risks and hazards.

Time to Failure
Identify how long the unit can function without normal support tools (e.g., business records, computers, telephones, etc.)

Operating Level
Determine the minimum levels of operation at which the Operating Unit will function during the disaster and the recovery process

Recovery of Resources/Information
Determine how the Operating Unit will identify which resources, information, transactions, documents, data, etc. have been lost due to the disaster and how they will recover and/or reprocess the items identified.

Recovery Time
Determine time frames for the full recovery of critical functions

Operational Continuity and Recovery Strategy
Each Operating Unit must develop a documented continuity and recovery strategy that enables the Operating Unit to continue to perform critical functions and/or provide services within a pre-defined time frame. The type and level of service to be provided within this time frame and the method of recovery must be defined. Take the following actions to implement the strategy (for details, see the Workbook)

• Back up all critical files (regardless of media).
• Document the location of the off site storage in the plan.
• Identify a recovery team consisting of all persons responsible for executing the Operational Continuity Plan.
• Determine when the Operational Continuity Plan needs to be activated and identify who within the Operating Unit is authorized to implement the plan.
• Identify all persons with copies of Operational Continuity Plans and have them available for review. Store at least one current copy in an off site facility with immediate availability.
• Maintain the list of resources, vendors, Service Bureaus etc. with which the unit has written back up agreements for the provision of services, equipment, etc. to be used in the event of a disaster.
• Establish procedures for contacting, appropriate University Departments and University and non-University suppliers / Service Bureaus in the event of an interruption in operations.
• Establish procedures for return to full, normal operations of the Operating Unit including recovery of non-critical functions.

Documentation & Record Keeping
Include printed copies of all back-up agreements in the plan.

If you use a Service Bureau / supplier to provide support for critical functions, ensure that the Service Bureau / Supplier has a continuity plan which will protect the University in the event the Service Bureau / Supplier suffers an interruption. Include verification of Service Bureau / supplier continuity plans with your plan.

Document procedures for notifying staff with continuity responsibilities in the event of an interruption. Develop and maintain a list of recovery responsibilities and the staff assigned to each responsibility. For each responsible staff member there must also be an alternate staff member. The list must contain, at a minimum, the following information:

• The names of the employee and alternate for each continuity responsibility.
• Business and home phone numbers for each employee and alternate.
• General recovery responsibilities of the staff member and alternate.
• Procedures required to support the recovery strategy that are not documented elsewhere must be documented in the recovery plan.
• Documentation required to support restoration of critical functions must be kept current and must be stored in an off site facility with immediate availability.

NOTE: Standards and Procedures manuals do not need to be replicated in the Operational Continuity Plan.

Exercising
Operational Continuity Plans must be exercised by the Unit Manager at least once per year. A successful exercise will include the following:

• Identifying exercise objectives.
• Conducting exercises using the Operational Continuity Plan.
• Evaluating exercise results and, if needed, making appropriate changes to the plan and re-exercising to ensure that objectives are met.
• Documentation of exercise results and the steps proposed to correct any problems.

Training
Unit Managers will assure that training (on the use of the plan) is provided on an on-going basis to all personnel of the unit in order to ensure that all staff are adequately trained to fulfill their responsibilities in support of the recovery process.

Training must include familiarity with and a working knowledge of the unitÕs Operational Continuity Plan.

Training for new employees should be carried out within 30 days of start.

Reporting
Letter Certifying Compliance with Exercising of Operational Continuity Plan - to be developed.

Operational Continuity Plans must be reviewed by the Unit Manager once per year. In particular, the Manager must assure that:

• Critical functions have been identified
• Continuity and recovery strategies are in place
• Documentation for the plan is current
• Minimum levels of required operation and recovery time frames have been set
• Exercising of the plan has been completed during the last 12 months.
• Certification of the annual review must be sent to the Department of Emergency Management and maintained by the Unit Manager.

The plan and associated documents must be available for review by the Office of Internal Audits and/or the Department of Emergency Management.

Administration of the Plan
Planning and plan maintenance are the responsibility of the Unit Manager.

Plan Maintenance
Unit Managers must evaluate the impact of changes within the unit and communicate any changes to all persons holding copies of the plan.

Unique Needs
List any special needs that are unique to your operations such as special equipment, unique skills needed to recover etc. Include these needs in the Operational Continuity and Recovery strategy.