August 2007 Archives
When we go out to talk with departments and campuses, we hear the terms business continuity and disaster recovery used interchangeably. We are trying to raise awareness that these terms are NOT the same.
Using industry-standard terminology and definitions, we use the Disaster Recovery Journal's glossary for both Business Continuity and Disaster Recovery.
- BUSINESS CONTINUITY: The ability of an organization to provide service and support for its customers and to maintain its viability before, during, and after a business continuity event.
- DISASTER RECOVERY: The technical component of business continuity planning.
Penn State's Business Continuity Plans include both Service Recovery Plans, the plans that recover critical university functions, and Disaster Recovery Plans, the plans that recover the technology functions for these critical services.
The priority of services at the university is determined from the Business Impact Analysis. Once the services are identified and prioritized, the technology that supports these services is identified.
In the past, most people focused on disaster recovery plans. They felt that if they had plans for the technology, they didn't need anything else. Recent events, however, proved that this kind of thinking has many drawbacks. Technology is just one piece of the overall plan. Communicating with your stakeholders, having workaround procedures, and creating policies for employees to follow during an outage are critical to sustaining university business. In a world of 24/7 operations, our customers expect minimal inconvenience during an unanticipated outage.
Below are some notes from a webinar presented by Mark Katsouros, Telecommunications & Network Services, University of Iowa, on the topic of Emergency Notification, also presented by EDUCAUSE.
- The University of Iowa has a requirements-driven approach to reviewing technology and vendor-driven solutions for auto-notification systems.
- Auto-notification situations are broad and varied for both emergency and non-emergency.
- Establishing a model of use based on requirements is important.
- Challenges for an auto-notification model are related to the establishment of policies which govern the use and are clearly separate from the technology.
- Challenges for establishing a broad-usage auto-notification model are related to the maintenance and existence of an "Institutional Contact Database".
- Potential Stakeholders
  - Members of the campus community in an impacted part of the campus
  - Individuals responsible for the facility
  - Executive leadership
  - Emergency Response Teams
  - Communications Staff
  - Students/Employees in transit to school/work
  - Parents/spouses
  - All members of the Campus Community
- Maintaining a single database for emergency contacts and notifications is important to reduce errors and to aid in proper notifications. Tie into campus directory.
- The forms of communication are numerous and would support a variety of users should policy and support be provided (e.g., video, audio messages, VoIP messages, email, radio messages).
- Having a "multi-pronged approach" is critical to ensure notifications are made and received.
- Most people have mass email, but a multi-pronged approach is different because it is based on communicating with groups.
- Some auto-notification solutions lend themselves to a more useful model for non-emergencies, so that usage under pressure is alleviated and familiarity is increased for emergency and non-emergency purposes.
- Iowa's emergency notification is NOT an opt-in solution. They are using an Enterprise Directory to track contact information.
Early this year, the tragedy that occurred at Virginia Tech brought safety and security issues to the surface for most, if not all, colleges and universities across the nation. There has been a lot of information provided from the private sector on this subject. I will try to provide an overview of the information I come across.
Below are some notes from a webinar presented by Rodney Petersen, Government Relations Officer, Security Task Force Coordinator from EDUCAUSE on the topic of Emergency Planning for Higher Educational Institutions.
- Colleges and universities have issues for safety and security. Legislation will likely be driven forward due to the risk of these institutions being targets.
- Auto-notification systems used to communicate with stakeholders should address an "all-hazards approach" using risk mitigation and risk management approaches.
- Universities should prepare an all-hazards plan based on emergency management principles to ensure safety, minimize disruption and ensure continuity of the learning environment.
- Policies may need to be revised or established for emergency planning:
  - Campus Security Policy
  - Mass Communication Policy (guidelines for using mass Email)
  - Campus Privacy Policy (guidelines for use of personal cell phones)
- Colleges and universities will receive pressure from both state and federal legislation to do more in this area.
- Colleges and universities will be expected to develop solutions for communicating with stakeholders and may be negligent if they are not in compliance.
- All areas across the university, from police to emergency management to information technology, must support each other in a symbiotic way. Each area has its own specialized community of resources, and they need to work together for the best solutions.
The purpose of this blog is to share information about Penn State planning efforts in the area of business continuity.
Although my expertise focuses on business continuity, I will, from time to time, post information about other aspects of planning as I come across it. Some of these areas will include emergency notification, crisis communication and crisis management.
Please feel free to comment on any of the information. This tool is for information sharing so I would like to read your thoughts and comments in these areas as I am sure other readers would too.
Please visit our website for more information:
http://ais.its.psu.edu/disaster_recovery/index.html
