Vulnerabilities to natural, man-made, and technology-driven disasters require university business units to plan and prepare for system disruptions. Business continuity planning includes the identification of vulnerabilities, priorities, dependencies, and measures required to facilitate continuity and recovery before, during, and after a crisis. The goal of the initiative is to develop system specific documentation to establish a customized continuity plan to prepare for IT disruptions. Through these efforts, the planning will be in place to keep the university business processes and academic services functioning, with minimal interruption.
System Business Continuity Classification
The system business continuity classification is used as a guide to assess and classify the criticality level of an IT system. The criticality of an IT system is in relationship to the business processes and services it provides to the university. The necessary business continuity plans and testing requirements are dependent upon the classification level assigned by the ISAM and BCM team.
Business Continuity Plans
Continuity planning represents a broad scope of activities designed to sustain and recover the business processes and critical systems of an organization. The extent of business continuity procedures necessary for an IT system depends on the criticality and risk assessment evaluation. The range of procedures for continuity planning includes the following, at a minimum, Business Impact Analysis (BIA) and Information System Contingency Plan (ISCP).
Business Impact Analysis characterizes the system components, supported mission/business processes, and inter-dependencies. The BIA purpose is to correlate the system with the critical mission/business processes and services provided, and based on that information, characterize the consequences of a disruption.
Information System Contingency Plan provides recovery and resumption procedures for a single information system resulting from disruptions that do not necessarily require relocation to an alternate site.
Business Continuity Testing, Training, and Exercises (TT&E)
The purpose of testing and carrying out exercises is to confirm the business continuity solution satisfies the organization's recovery requirements. The type of TT&E activities required and the frequency for conducting system tests are driven by the criticality level assigned to the system. A customized TT&E plan will be established prior to the completion of the business continuity plan(s).
Business Continuity Assistance
The Information Security and Access Management (ISAM) BCM team will coordinate with University departments regarding their IT business continuity planning initiatives. The BCM staff will provide the necessary education and resources needed throughout. If you have any questions regarding the business continuity procedures or your system, please contact IT Business Continuity Management at bcmit@umsystem.edu.
References
Reviewed 2024-02-23