ebook img

ERIC ED469331: Mission Continuity Planning: Strategically Assessing and Planning for Threats to Operations. PDF

70 Pages·2002·1 MB·English
by  ERIC
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview ERIC ED469331: Mission Continuity Planning: Strategically Assessing and Planning for Threats to Operations.

DOCUMENT RESUME ED 469 331 HE 035 291 Qayoumi, Mohammad H. AUTHOR Mission Continuity Planning: Strategically Assessing and TITLE Planning for Threats to Operations. National Association of Coll. and Univ. Business Officers, INSTITUTION Washington, DC. ISBN-1-56972-022-3 ISBN 2002-00-00 PUB DATE NOTE 69p. AVAILABLE FROM National Association of College and University Business Officials, P.O. Box 362, Annapolis Junction, MD 20701-0362 ($30, members; $45, nonmembers). Tel: 866-348-6300 (Toll Free); Web site: http://www.nacubo.org. Books (010) PUB TYPE Guides Non-Classroom (055) EDRS Price MF01/PC03 Plus Postage. EDRS PRICE *College Administration; *Educational Facilities Planning; DESCRIPTORS Higher Education; Natural Disasters; *Reliability; Risk; *Risk Management *Continuity; *Emergency Preparedness IDENTIFIERS ABSTRACT This book covers the principles of risk and risk management and offers a framework for analyzing the significant, often unforeseen threats facing higher education institutions today. It examines the critical elements of a disaster preparedness plan and addresses business continuity and mission continuity planning. The book also provides tools for calculating system reliability and examines facilities-related risks. The book guides institutions in putting plans in place to minimize or eliminate service interruption to the processes that are critical to the organization. The "Disaster Preparedness"; "Risk Management"; chapters are: (2) (1) (3) "Calculating System Reliability"; and (5) "Business Continuity Planning"; (4) "Addressing Facilities-Related Risks." (Contains 26 references.) (SLD) Reproductions supplied by EDRS are the best that can be made from the original document. i I \ I I I I I I I I I I I I I I U S PERMISSION TO REPRODUCE AND Office of DEPARTMENT OF Educational DISSEMINAT E THIS MATERIAL HAS EDUCATION Research and EDUCATIONAL BEEN GRANTED BY Improvement RESOURCES pechis CENTER INFORMATION (ERIC) document has been received from reproduced the person as originating it or organization Minor changes have been improve made to reproduction quality TO THE EDUCATIONAL RESOURCES Points of I view or INFORMATION CENTER (ERIC) document do opinions stated not in this official OERI necessarily represent position cr policy 0 t 4., I 1 Mission Continuity Planning %reds Opendions REmegiallily Assessing and Pkonning By Mohammad N. Qayoumi NACUBO Nation,' In., ion College and Unik orsitv ui 13t,int, 3 Copyright 2002 by NACUBO All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher. National Association of College and University Business Officers Washington, DC www.nacubo.org Printed in the United States of America ISBN 1-56972-022-3 4 ii ACKNOWLEDGMENTS INTRODUCTION VII CHAPTER 1: RISK MANAGEMENT 1 Overview 1 Defining Risk and Uncertainty 2 Types of Risk 3 Strategic Risk 3 Financial Risk 4 4 Legal Risk Operational Risk 4 Risk Classification 7 Risk Analysis and Evaluation 8 Ensuring the Success of Your Risk Management Program 10 Reasons for Implementing Risk Management 10 CHAPTER 2: DISASTER PREPAREDNESS 13 Types of Disasters 13 Floods 14 Hurricanes and Tropical Cyclones 15 Tornados 16 Earthquakes 17 Tsunamis 18 19 Fires Bomb Threats 19 20 Acts of Terror USA Patriot Act of 2001 21 Elements in the Disaster Preparedness Plan 22 Key Steps in Developing a Disaster Preparedness Plan 23 Using a Policy Group and an Operations Group 24 Operations Unit 24 Finance Unit 24 Logistical Unit 25 Planning Unit 25 The Role of the Emergency Operations Center 25 ign COP! AURA It ILIA IV 26 Activating the Emergency Response Plan 26 EOC Operations 27 Attending to the Needs of Staff During and After an Emergency 28 Testing and Maintenance 29 Summary CHAPTER 3: BUSINESS CONTINUITY PLANNING 31 Information Technology and the Business Continuity Planning 31 Understanding the Risk of Cyber Attacks 33 34 Taking Steps to Protect Computer Systems and Networks 35 Creating a Business Continuity Plan 37 Business Recovery Services vs. Business Interruption Insurance 38 Rapid Recovery Systems Mission Continuity Planning 38 39 Developing a Mission Continuity Plan 43 CHAPTER 4: CALCULATING SYSTEM RELIABILITY 43 Defining System Reliability 43 Reliability Metrics 45 Analyzing System Reliability 45 Series Systems 45 Parallel Systems 46 System Availability 41 CHAPTER 5: ADDRESSING FACILITIES- RELATED RISKS 47 Strategies for Protecting Campus Infrastructures and Facilities 48 Electrical Distribution Systems 49 The Impact of Electrical Deregulation 50 Dependence on the Digital Economy Reducing the Risk of Power Interruptions 51 Water Distribution and Flooding Issues 52 Heating, Ventilation, and Air Conditioning 53 Managing Hazardous Materials in Facilities 55 56 Environmental Management System 56 Planning 56 Implementation and Operation 57 Auditing and Corrective Actions 57 Management Review 57 Conducting an Impact Evaluation 57 Benefits of an Environmental Management System New Technologies for Building Safety 58 58 Summary 59 REFERENCES 6 Mission Continuity Planning iv G want to express gratitude to the reviewers of this book, both for affirming and for chal- lenging my work. This book was considerably strengthened by the comments of Janice Abraham of United Educators, John Dvorak of Massachusetts Institute of Technology, Deborah Fisher of Massachusetts Institute of Technology, Jamie Lewis Keith of Massachusetts Institute of Technology, Sandra Lier of University of Washington, and John "Barry" Walsh of Indiana University. I am grateful to Michael Carbine, the extraordinary editor with whom I worked, and to I also would like to thank my wife, Najia, Donna Klinger of NACUBO for editorial direction. for her tremendous support as I worked on this book over the holiday season. Mohammad Qayoumi California State University, Northridge June 2002 Irecently heard an insurance commercial on the radio proclaiming that "If there were no risk, we could do anything." Moreover, if we lived in a deterministic universe, we need not worry about risk. But given the world we live in, risk is an important factor that comes into play in all but the most trivial decisions. All organizations in our society, including colleges and universities, must take risk into consideration and develop effective strategies for assuring the continuity of their operations so they can achieve the goals in their mission statements. The complexity of today's enterprises necessitates addressing business continuity as a systematic dis- cipline. Traditionally, business recovery plans dealt primarily with backup and recovery of indi- vidual systems in a disjointed fashion. The sole focus was identifying best available technolo- gies as redundant in the most cost-effective manner. For most institutions, business continuity planning was limited to operational issues by individual work units that dealt solely with disas- ter planning. Today, business continuity is viewed as a strategic issue involving all aspect of the enterprise. In other words, business continuity planning must be addressed as a core compe- tency rather than an isolated and disjointed exercise by individual operational units. Universities have expanded this concept under the title of "mission continuity planning." It is a sci- Mission continuity planning (MCP) is a delicate balance between science and art. ence because it requires a systematic discipline, and it is an art because it requires innovation, critical thinking, and creativity. Above all, the mission continuity plan must be tailored to the specific needs and circumstances of the institution. In today's complex and uncertain operating environment, all organizations are paying attention to the increasing costs generated by downtime and service interruptions. At the same time, the number and severity of potential threats that could cause service disruption have been growing exponentially. Consequently, senior college and university managers have also begun paying close attention to mission continuity planning. Clearly, mission continuity planning is a process that must be embraced and driven from the top down by college and university lead- ers. Doing this will ensure that the proper level of attention and resources are assigned to this activity so that an effective plan can be created and implemented. The terrorist attacks of COFff AVAIL/ME September 11th and subsequent acts of domestic terrorism demonstrated the necessity of hav- ing mission continuity plans in place, and were a reason for writing this book. The intent of this book is to provide college and university administrators with an overview of the basic concepts of mission continuity planning so they will have a better appre- ciation of their role in developing such plans. The first chapter discusses the concept of risk and its associated principles, and identifies the strategic, financial, legal, and operational risks to which colleges and universities are exposed, including specific activities that can create poten- tial vulnerabilities. Risks are classified, analyzed, and evaluated, and the importance of risk management is discussed. This chapter creates an overall framework by examining the signifi- cant threats facing today's colleges and universities. Chapter 2 addresses the importance of disaster preparedness and the critical elements in a disaster preparedness plan. Different types of disasters, including floods, hurricanes, tor- nados, earthquakes, tsunamis, fires, and acts of terrorism, are examined. In addition, threats posed by chemical, biological, and radiological agents are identified and the impact of the U.S. Patriot Act of 2001 is discussed. The balance of the chapter addresses the key steps in including the development of an emergency creating a disaster preparedness strategy, response plan, the kinds of units that should be included in developing such a plan, and the role and function of an emergency operation center. The chapter focuses primarily on the oper- ational issues associated with disaster preparedness planning. Chapter 3 addresses business continuity planning and the critical role that information technologies, including Enterprise Resources Planning (ERP), play in today's organizations and the potential threats facing these systems. The chapter examines the risk of cyber attacks by both hackers and crackers, attacks that can create havoc in college and university operations. The chapter also discusses the important differences between business continuity plans and business interruption insurance, as well as the role of rapid recovery systems. The major aspects of mission continuity planning are identified and addressed. Chapter 4 constitutes a departure from the first three chapters by addressing the concept of reliability in a quantitative manner. Key reliability metrics such as mean time between fail- are ures (MTBF), mean time to detect (MTTD), mean time to repair (MTTR), and availability defined. In addition, several techniques that can be used to analyze reliability and system avail- ability are also discussed. This intent of this chapter is to help the reader grasp the importance and utility of these mathematically complex concepts, and clarify the systemic issues caused by the failure of individual equipment in a network. The fifth and final chapter addresses facilities-related risks faced by today's college or university. It begins by discussing the importance of electrical power distribution systems, poten- tial risks related to power outages, and steps that can be taken to minimize the frequency and impact of power outages. The basic reliability requirements of power systems in a digital econ- omy versus the capability of existing electrical systems are discussed. The chapter then covers Mission Continuity Planning Viii 9 water distribution systems and flood issues, and potential threats to building heating, ventila- tion, and air conditioning systems. This issue has grown in importance since the September 11th terrorist attacks and subsequent domestic anthrax incidents; the air intake systems of many buildings are vulnerable to the malicious releases of life-threatening chemical or biological agents. The last chapter also discusses managing hazardous materials in facilities, for which the U.S. Patriot Act of 2001 has imposed new requirements. A list of references will help readers find additional and more detailed information on the various topics addressed in the book. 1Q INTRODUCTION ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.