940 Second Street
Portsmouth, OH 45662
1-740-351-3468
http://www.shawnee.edu/uis

A University Information Services White Paper

University Planning: For Preparedness And Continuity
A focus on IT Contingency Planning

By Chuck Warner
Director, University Information Systems
11/30/2005

Contents

• The Challenge
• The Charge
• IT and Contingency Planning
• Recommendations
• Summary
• Credits

IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, single equipment failure) to severe (Data Center inaccessible), from a variety of sources such as a natural disaster.

The Challenge

Effective contingency planning, execution, and testing are essential to mitigate the risk of IT system loss and campus service disruption or unavailability. While many operational vulnerabilities may be minimized or eliminated through proactive efforts, it is virtually impossible to completely eliminate all risks. In order for IT Contingency Planning to be successful, the University must ensure its campus constituents:

• Understand the IT Contingency Planning process and its place within the current Emergency Response Planning process.

• Develop a Contingency Policy and Planning process that considers impact on business and academic operations, alternate site location and recovery of operations strategies.

• Develop a Business Continuity Plan that encapsulates both the Emergency Response Plan and the IT Contingency Plan.

• Initiate a process that is maintained and tested regularly to identify potential vulnerabilities, stay abreast of functional changes and ensure operations can continue in the case of disruption in service.

The Charge

In December of 2004 UIS was charged to develop and implement an off-site Disaster Recovery (DR) solution to ensure that the risk of disruptions to critical business services is mitigated in the event of an emergency on campus, and that during a declared Disaster the University can recover mission-critical data and make it available to the campus from an off-site location.

This effort does not address facility-level or organization contingency planning, except for those plans required to restore information systems, data and the ability to process business functions. In addition, IT Contingency Planning does not specifically address business processes in its scope. Business Continuity Plans are comprised of larger-scope efforts that focus on interim business operations including those supported by IT as well as non-IT (manual) processes.

The Cabinet defines a Disaster as “Any unplanned event or combination of events resulting in a condition where University business and education cannot function on the SSU campus (i.e. the physical site is inaccessible).”

On August 30, 2005, “Shawnee State became the first IUC University to install their Open Systems DR Environment at OSU” (John Ellinger, CIO).

IT and Contingency Planning

IT Contingency Planning refers to a coordinated strategy involving plans, procedures and technical measures that enable the restoration of IT systems at an alternate location and the recovery of IT operations and data using alternate equipment, after a disruption. Also included in this effort is the strategy to support affected business processes until on-site recovery operations can be completed. University Information Systems (UIS) engaged in this planning effort in response to its charge to ensure its preparedness to operate campus IT systems under degraded business conditions. The process itself can be defined by seven steps:

1. Develop the Contingency Planning Policy Statement

2. Conduct a Business Impact Analysis

3. Identify Preventative Controls

4. Develop Recovery Strategies

5. Develop an IT Continuity Management Strategy

6. Plan for Testing and Training Exercises

7. Plan for Maintenance (of the Plan)

The Policy

A Contingency Planning Policy Statement defines the University’s overall contingency objectives and establishes the organizational framework and responsibilities for IT Contingency Planning. It includes roles and responsibilities and the scope of effort required to satisfy University officials. For the purpose of UIS preparedness, the Cabinet defines the instance of a declared Disaster as a catastrophic condition, when recovery operations are initiated for designated mission-critical services and restored at an alternate location until operations return to normal on campus. The computing facility at The Ohio State University serves as SSU’s Disaster Recovery location.

Impact on SSU Business

Understanding the critical business processes on campus, system requirements and their interdependencies is key to determining IT Contingency requirements and priorities. Performing a Business Impact Analysis serves to correlate supporting IT systems with the critical services they provide. Based on this information, the consequences of disruption to IT systems can be evaluated, and a plan for recovering these systems can be developed.

UIS completed an audit of its base computing environment, identifying each supported service on campus and designating those viewed as mission-critical to the University. Each Division was ultimately responsible for qualifying the service’s level of importance to sustaining the business function in question, communicating acceptable recovery periods for each. UIS references the UIS Supported Services diagram below as its source for depicting the findings of this audit.

UIS Supported Services

Columns: Onsite Target COOP? | Vendor Support Contract? | Depends on Service | Base Computing Environment | Service Logical Component | Service | Service Module/Function Name | Mission Critical? | Offsite Recovery Required? | Responsible Area | Maximum Recovery Period

No No HEAT, eMail Telephone, SRV0024, Intranet, WAN Technicians, Help Desk, Staff UIS Help Desk UIS Help Desk Yes Yes UIS 72hrs
No Yes eMail SSU-UISDB Client App, DB Server HEAT HEAT No No UIS N/A
R25 v3.2 Client Interface Yes No Provost N/A
R25 v3.2 Web Viewer No No Provost N/A
Yes Yes eMail, MySSU, CARS CSRV0038, SRV0042 Web / App Server, DB Server Blackboard 6.2 Blackboard 6.2 Yes No Provost N/A
Yes No SRV0MX1, SRV0MX2, SRV0005, SSUIEGMS Exchge Srvr, SMTP Srvr, Gateway eMail eMail Yes No VPBA N/A
Yes No PRINTSRV1, PRINTSRV2, LABS1, PRINT Print Server, Printer Printing Printing (Network) Yes No VPBA N/A
Yes No SRV0004, SSUFA, MASSIE, SRV0017, LADFS, NAS, File Server Network File Storage My Documents, Public Shares Yes VPBA N/A
No No CARS CX, Extranet SRV0036, SRV0046, WAN Web App Server, DB Server, Extranet CAS CAS No No Provost N/A
No UIS CARS CX SRV0032, ZEUS Web App Server, DB Server Central Stores Central Stores No No VPBA N/A
Yes No WAN Internet Browser Internet Browsing, NNTP Internet Browsing, NNTP Yes VPBA
Yes Yes WAN, MASSIE, SRV0030 Web Server Extranet Access (MySSU) Extranet Access (MySSU) Yes Yes VPBA 72hrs
Yes Yes CARS CX SRV0035, SRV0036, ATLAS, Client PC FEITH DB Server, File Storage, Client APP Document Imaging Document Imaging Yes VPBA
No
Yes* 72hrs
Facilities Management (TMA) No No VPBA N/A
TMA iServiceDesk Web No No VPBA N/A
No Yes Telephony, PBX, Network PBX, Network, Set Programming Voice Communications Voice Communications Yes No VPBA N/A
Yes No MASSIE Web Server Shawnee Web Site Shawnee Web Site Yes No VPBA N/A
CARS - HR Yes Yes VPBA 72hrs
CARS - Payroll Yes Yes VPBA 72hrs
CARS - GL/Budget/AP/Purch/AR/Grants Yes Yes VPBA 72hrs
CARS - Billing/Payments Yes Yes VPBA 72hrs
CARS - Admissions Records Yes Yes VPBA 72hrs
CARS - Registration/Course/Spaces/Instr Yes Yes VPBA 72hrs
Yes 72hrs
CARS - Student Financial Yes Yes VPBA 72hrs
CARS - Alumni Development Yes Yes VPBA 72hrs
CARS - Security No No VPBA N/A
CARS - HEI Reports Yes Yes VPBA 72hrs
CARS - Game Room No No VPBA N/A
CARS - Athletic Center No No VPBA N/A
No No SRV0015 File Server Education Program Mgt Education Program Mgt No No Provost N/A
No Yes Shawnee Web Site WAN Internet Browser Ethics Point Web Site Ethics Point No No VPGC N/A
TBD TBD TBD WAN Internet Browser Chase Bank Web Site Purchasing Card TBD TBD VPBA N/A
Yes No CARS WAN Internet Browser, File Transfer Ohio Board of Regents Web HEI State Reporting Yes Yes VPBA 72hrs
Yes Yes CARS WAN Internet Browser, File Transfer E Online Awards E Online Awards FA
Yes Yes 72hrs
Yes Yes WAN, SSUFA Internet Browser, File Transfer, Client App EdXpress EdXpress Yes Yes FA 72hrs
Yes Yes WAN, SSUFA Internet Browser, File Transfer, Client App EdConnect EdConnect Yes Yes FA 72hrs
Yes CARS WAN Internet Browser, File Transfer Sallie Mae Loan Processing Sallie Mae Yes Yes FA 72hrs
MySSU - Faculty VPBA 72hrs
MySSU - Student VPBA 72hrs
MySSU - Staff VPBA 72hrs
MySSU - Candidate VPBA 72hrs
MySSU - Alumni/Constituent VPBA 72hrs
No SRV0015 Web Server, File Storage e-Portfolio e-Portfolio No No Provost N/A
Yes No CARS, Telephone Co Telephony ProComm Plus Client App, Telephone File Transfer - Payroll EFT File Transfer - Payroll EFT Yes VPBA
No Yes Telephony, PBX Telephone, Fire Alarm, Safety Phones Fire and Safety Alarming Fire and Safety Alarming Yes No VPBA N/A
Yes No CARS Intranet, Check Printer w/Folder, Client P Signature Key File Payroll/Financial Document Printing Check Printing Yes VPBA
Yes 72hrs
Cpp
No No S-M Server Client App Sodexho Mariott POS Sodexho Mariott POS No No VPSA N/A
Yes No CARS B&N Server, Intranet, Zeus Client App, File Transfer Barnes and Noble POS Barnes and Noble POS No No VPBA N/A
Yes Yes Email, CARS Zeus, Client PC, WAN, Client (dB Server) eMail, Internet, Client App, Database Serv QWEST eBill Companion Phone Bill Import CARS No No VPBA N/A
No N/A
No Varies Client PC, WAN, Intranet Client PCs, Internet Browser, ? Instructional Software in Labs Various Software Packages No No Provost N/A
No No WAN, Client PC Client PCs ADA / Accessibility Software in Labs No No Provost N/A
No Yes Client PC, WAN, SSUFA Internet Browser, Client App Financial Aid Veterans Financial Aid Veterans DB/VAOnce Yes FA
No Intranet, MAC OsX Visualist Lab Management Visualist Lab Management No No Provost N/A
No Yes WAN, Ticketing Server, Intranet Ticketing.com, User Interface Event Ticketing Event Ticketing No No VPGC N/A
No Yes III Server, Intranet, WAN Browser, Database, File Server BearTrack Online Library Resources Beartrack Online Library Resources No No Provost N/A
No EXTERNAL RESOURCES CLC Web Cam Monitoring CLC Web Cam Monitoring No No VPBA N/A
No Yes Intranet, DVMR Client App, DVMR Security Surveillance Security Surveillance No No VPBGC N/A

Vendor Supported

Yes Yes
Yes Yes CARS ZEUS, ATLAS, ARIES Informix Database Server, CARS Application Server, Apache Web Server
Yes Yes Facilities Management (TMA) Client App, Database Server, Web Server Client PC, Client (dB Server), Web Server
Yes 72hrs
CARS MySSU SRV0030, SRV0031, Atlas Web Server, DB Server, CARS App Server
Yes R25 v3.2 Web Server, App Server, DB Server, Client App SRV0044, SRV0045, SRV0046
Yes No

Preventative Measures

In some cases, disruptions in service can be mitigated or eliminated through preventative measures that deter, detect, and/or reduce impact to IT systems. Preventative methods are preferable to those steps required to recover and restore IT operations after a disruption. A wide variety of preventative controls can be implemented to minimize the impact of a service outage occurrence. UIS incorporates a number of these measures as a standard approach to deploying technology on campus. These include:

• Uninterruptible Power Supplies (UPS) with failover to generator
• Isolated Circuits delivering power only to IT systems
• Natural Gas powered generator providing long-term power in Kricker Data Center room
• Environmental Controls including isolated air conditioning systems with failover to building systems
• FM 200 Fire Suppression systems in Kricker Data Center room
• Water sensors in air conditioning units to detect excess moisture
• Switched Power Distribution Units that can shut down equipment via remote (IP) management
• Daily scheduled backups and tape rotation management of all systems
• Heat-resistant and water-proof containers for backup media
• Physical security controls including combination locks on server cabinets and interior doors
• A security architecture that manages policies for authorized access

A Plan for Continuous Operations

IT systems can be very complex, with numerous components, interfaces, and processes. These systems often support multiple campus functions comprised of staff and faculty across campus. Physical buildings supported by extensive underground and building-specific infrastructure serve as the facility for delivering SSU’s commitment to higher education. One of the most challenging responsibilities charged to UIS is to make sense of these technology complexities, i.e. to put them into a perspective that can be managed, articulated and ultimately, operated on a continuous basis. The goal is for business to continue on campus, and when an unexpected event occurs that conflicts with this goal, there will be measures in place to circumvent this disruption so that business can continue without interruption. This is a daunting, recurring task, not resolved by a single purchase of equipment or person-hours of effort.

UIS accepts this complex challenge and provides a unique, modular perspective to articulate how its IT systems fit into a logical and physical order of function. We refer to this as a technical architecture, comprised of physical equipment integrated with management hardware and software that constitutes a base computing environment. Independently they deliver policies for authorized access and offer interfaces for managing services. As a modular function, they work to guarantee a standard quality of service to the entire campus. This perspective affords UIS the opportunity to consider modular systems that fail-over to redundant systems during an interruption, systems based on standard deployments of technology that can be managed and scaled to purpose. UIS references its Security Architecture for Education (SAFE) diagram to depict its plan for Continuous Operations on campus.

Developing Recovery Strategies

Recovery strategies provide for a plan to restore IT operations quickly and effectively following a service disruption. While it is impossible to plan for all contingencies, the failure modes can be generalized into a few categories by considering the magnitude of the loss of service as measured by the number of services lost, the expected duration, and the designation of services that are mission-critical for the University to continue business operations. While designated essential services must be reconstituted at an off-site facility during a disaster period, all services must eventually be restored to normal operations regardless of the degree of failure experienced. UIS depends on an articulated Backup and Recovery Strategy to enable staff to reconstitute a service within a specified period if the normal service computing environment becomes unusable. The characteristics of a service backup and restore process are defined by the recovery and restore requirements. The considerations for process design include:

• Minimizing the time to restore the service
• Choosing the restore point frequency
• Minimizing the complexity of both the backup and restore operations for each service
• Assuring the availability of backup media and content
• Protecting the backup media and content from loss, theft or damage
• Providing documentation of execution for verification by auditors and use by personnel involved in restore operations

UIS has designed the IT Backup and Restore Plan with these parameters in mind. Each service component scheduled for backup is assigned to a Media Set. A Media Set consists of the number of tapes required to contain the backup content for a specified period. All services with compatible retention periods are assigned to the same Media Set. Shawnee State has two Data Centers, each providing backup services to servers in the other Data Center, thus keeping the backup data physically separate from the production version. Backups of services are executed once per day. This is accomplished by performing a full backup of all services once a week and supplementing these backups with incremental backups of changed data each day throughout the following six days. This cycle is repeated for all media sets to simplify the media management process. At each media change, a record is made of the inserted and removed media. The operator initials the record, and the media is transported to safe storage remotely located from the Data Center housing the live data. The Shawnee State IT Server Backup and Restore Plan is defined by information contained in the documents titled:

• Service Backup Retention Specification (from SLA)
• Backup Media Usage Schedule
• Server Backup Job Schedule
• Server Backup Job Content Specification

Together these documents define the process for backup protection for all information services provided by UIS. The Backup Media Usage Schedule is depicted below.

Legend: Bold = Tape Insert; * = Begin of Cycle; Full = Full Backup
Rotation: GF, Father, Son

Each Media Set line gives: Backup Server | Media Set | Qty | Recycle | daily media entry (the same for Su through Sa; * marks W as Begin of Cycle) | media type.
Each job line gives: Backup Server | Start | Size GB | Duration | Server.
Every job runs Incremental on Su, M, T, Th, F and Sa and Full on W, except where noted.

Server | MS001 | 52 - 1/wk | 52 Wk | Father-Week01-52 | Ultrium 2
Kricker | 0:00 | 7 | 0:24 | Srv00
Kricker | 0:30 | 4.5 | 0:23 | Srv00
Kricker | 1:30 | 20.4 | 1:33 | Srv00
Kricker | 3:00 | 5.9 | 0:27 | Srv00
Kricker | 3:45 | 2.3 | 0:14 | Srv00
Kricker | 4:30 | 2.4 | 0:19 | Srv00
Kricker | 5:00 | 1.2 | 0:21 | Srv00
Kricker | 6:00 | 2.6 | 0:17 | Srv00
Kricker | 6:30 | 5 | 0:21 | Srv00
7:10 | Total | 51.3 | 4:19

Server | MS002 | 24 - 1/Wk | 24 Wk | Father-Week1-24 | Ultrium2
Massie | 17:00 | | | Srv0
Massie | 20:00 | | | Srv0

Server | MS004 | 1/Wk | Infinite | Father-yyyymmdd | Ultrium2
Kricker | 2:00 | | | SRV00
Kricker | 4:00 | | | SRV00

Server | MS006 | 4 - 1/Wk | 4 Wk | Father-Week1-4 | Ultrium 2, 4 Threads to Disk
Massie | 0:00 | 7.5 | 0:20 | Srv00
Massie | 0:20 | 2.9 | 0:11 | SSU
Massie | 0:31 | 3.4 | 0:23 | SSU
Massie | 0:54 | 9.9 | 0:40 | SSU
Massie | 1:34 | 4.9 | 0:45 | PSrv
Massie | 2:19 | 2.5 | 0:30 | SRV00
Massie | 2:49 | 3.8 | 0:40 | PSrv
Massie | 3:29 | 2.1 | 0:30 | SRV00
Massie | 3:59 | 2 | 0:06 | SRV00
Massie | 4:05 | 8.8 | 0:20 | SRV00
Massie | 4:25 | 2.4 | 0:30 | SRV00
Massie | 4:55 | 20.5 | 0:50 | SRV00
Massie | 5:45 | 3.6 | 0:20 | SRV00
Massie | 6:05 | 12.3 | 1:00 | Srv00
Massie | 7:05 | 3.5 | 0:05 | SRV00
7:10 | Total | 90.1 | 7:10

Server | MS005 | 52 - 1 / Wk | 52 Wk | Father-Week01-52 | Ultrium 2, 3 Threads to Disk
Kricker | 0:00 | 1.7 | 0:05 | Srv00 (Full every day, Su through Sa)
Kricker | 0:05 | 18 | 0:45 | Srv00
Kricker | 0:50 | 66.1 | 3:30 | Srv00
Kricker | 4:20 | 3.4 | 0:05 | Srv00
4:25 | | 89.2 | 4:25

Server | MS007 | 52 - 1 / Wk | 52 Wk | Father-Week01-52 | Ultrium 2, 4 Threads to Disk
(job lines for this Media Set carry one further time value after the Server column)
Massie | 0:00 | 2 | 0:10 | PSrv | 0:10
Massie | 0:00 | 3.1 | 0:20 | SRV00 | 0:20
Massie | 0:15 | 3.6 | 0:31 | SRV00 | 0:46
Massie | 1:30 | 23.8 | 2:45 | Srv00 | 4:15
Massie | 2:30 | 35.7 | 3:31 | Srv00 | 6:01
Massie | 4:00 | 16.5 | 2:41 | Srv00 | 6:41
Massie | 6:00 | 8.5 | 0:57 | Srv00 | 6:57
Massie | 6:45 | 5.5 | 0:33 | Srv00 | 7:18
Massie | 7:05 | 7.8 | 0:30 | Srv00 | 7:35
Massie | 7:00 | 2.5 | 0:19 | Srv00 | 7:19
Massie | 7:15 | 7.3 | 0:36 | SSU | 7:51
Total | 116.3 | 12:53
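With a weekly full backup and six daily incrementals, a restore needs the most recent full plus every incremental after it, so a single unusable tape pushes the achievable restore point back. The sketch below plans that restore chain from a media log; it is an added example, not UIS tooling, and its record fields, tape labels and dates are constructed. It assumes each incremental holds only the changes since the previous day's backup.

```python
"""Restore-chain planner for a weekly-full / daily-incremental tape cycle."""
from dataclasses import dataclass
from datetime import date, timedelta

FULL_WEEKDAY = 2  # Wednesday (Monday == 0): the day marked "Full" in the schedule


class BrokenChain(Exception):
    """A backup required for the requested restore point is missing or unusable."""


@dataclass(frozen=True)
class BackupRecord:
    day: date
    kind: str     # "full" or "incremental"
    media: str    # tape label (constructed for this example)
    usable: bool  # hypothetical flag: job succeeded and the media is accounted for


def restore_chain(records, target):
    """Return the backups to apply, oldest first, to restore the state of `target`.

    Walks back from `target` one day at a time until it reaches a full backup.
    Any unusable or absent day on the way breaks the chain.
    """
    usable = {r.day: r for r in records if r.usable}
    chain, day = [], target
    while True:
        rec = usable.get(day)
        if rec is None:
            raise BrokenChain(f"no usable backup for {day}")
        chain.append(rec)
        if rec.kind == "full":
            return chain[::-1]
        day -= timedelta(days=1)


def latest_restorable_point(records, target):
    """Return (day, chain) for the newest day on or before `target` that can be restored."""
    if not records:
        return None, []
    earliest = min(r.day for r in records)
    day = target
    while day >= earliest:
        try:
            return day, restore_chain(records, day)
        except BrokenChain:
            day -= timedelta(days=1)
    return None, []


def build_sample_log():
    """Constructed media log: two cycles from Wed 2005-11-02, with one bad tape."""
    start = date(2005, 11, 2)
    bad_day = date(2005, 11, 13)  # constructed failure: Sunday incremental unusable
    log = []
    for offset in range(14):
        day = start + timedelta(days=offset)
        kind = "full" if day.weekday() == FULL_WEEKDAY else "incremental"
        log.append(BackupRecord(day, kind, f"TAPE-{day:%Y%m%d}", day != bad_day))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    # Worst case in the cycle: a Tuesday restore needs the full plus six incrementals.
    tuesday = restore_chain(log, date(2005, 11, 8))
    print("Tuesday restore needs", len(tuesday), "tapes:", [r.media for r in tuesday])
    # The unusable Sunday tape caps the restore point for the rest of that cycle.
    point, chain = latest_restorable_point(log, date(2005, 11, 15))
    print("Latest restorable point:", point, "using", [r.media for r in chain])
```

The same walk can be run against the media change record the operator initials at each tape swap, to confirm before a test or a declared Disaster that every tape in the chain is accounted for.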

A Plan for Off-Site Data Storage

UIS recommends storing mission-critical data at an alternate location to the SSU campus. The UIS Contingency Plan includes a Service Level Agreement (SLA) with OSU to restore IT system operations at OSU’s DR facility on a warm-site basis, meaning the site is prepared to receive the system and recovery personnel, and the recovery equipment is currently in place to restore the data. Thus, it makes sense for SSU’s mission-critical data to be stored in close proximity to this location, where services and data are available on demand. UIS is working to establish an off-site vaulting and data storage partner that meets this prerequisite, along with its security priority for transportation and storage of data. Additionally, UIS is completing efforts on campus to ensure all data going off-site is protected using the latest data encryption technologies. Evaluation of its data storage practices along with its backup software management vendor is a work in progress. We anticipate having an implemented solution in place by the end of spring. Until then, UIS will continue to execute its current backup strategy, transporting stored media to an alternate location on campus based on its rotation schedule. UIS does not recommend off-site storage of media until all data targeted for storage is fully encrypted.

Continuity Management Strategy

The UIS Continuity Management Strategy serves to reduce the risk of loss resulting from an unforeseen disruption of IT services supported by the department. The plan itself addresses the UIS role in overall Business Continuity Planning for the University. Continuity Management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disruption in the first instance. Continuity Management involves the following basic steps:

• Prioritizing recovery procedures by reviewing the results of the Business Impact Analysis;
• Performing a Risk Assessment for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service;
• Evaluating the options for recovery;
• Producing the Contingency Plan;
• Testing, reviewing, and revising the plan on a regular basis.

Shawnee State University has organized its IT Service Continuity Management Plan in a way that reflects the activities identified in the National Institute of Standards and Technology’s Contingency Planning Guide for Information Technology Systems. While the guide presents activities as a sequential process, Shawnee State University recognizes its IT environment continuously evolves, requiring the Continuity Management Plan be updated to address vulnerabilities impacting both Continuous Operations and Disaster Recovery.

UIS has developed a framework for designing a comprehensive Continuity Management Plan, defining a scope of effort required for its Emergency Preparedness and Continuity, in the context of other plans necessary to meet Emergency Response requirements and sustain essential functions until normal business resumes. The diagram below depicts this framework, affording UIS the ability to engage in a managed approach to continuous improvement of its Contingency Planning process.

Plan Maintenance, Implementation and Testing

To derive the most value from a Plan in general, it must become part of the daily operations of the business function. Picking up a documented Contingency Plan of this magnitude and complexity after it has been archived for long periods of time will serve little purpose during an unexpected event requiring an Emergency Response, unless the Plan reflects the current state of operations and can be procedurally referenced on demand. IT Plan testing is a critical component of viable contingency capability. Testing enables Plan deficiencies to be identified, and provides opportunities for improvement. Each component should be tested to confirm the accuracy of the restore and recovery procedure, and the overall effectiveness of the Plan. UIS engaged in initial efforts to test its restore and recovery procedures as part of the overall Continuity Management Plan, before its DR equipment transitioned to the OSU facility.

Recommendations

UIS will continue to develop its Contingency Plan for Emergency Response. Furthermore, it will engage in the practice of testing this plan annually to address new vulnerabilities and changes in business processes on campus. UIS recommends that the institution participate in a larger-scope effort of Business Continuity Planning (BCP), to address sustaining core business functions in addition to the IT systems which support these services, until normal business can resume on campus. The BCP should be tested in conjunction with the UIS Contingency Plan, on an annual basis, to show its preparedness for dealing with unexpected interruptions in service.

Summary

Information technology (IT) systems are vital components in most business processes. Because of their essential nature to the University’s success, it is critical that services provided by these systems are able to operate efficiently without interruption. Contingency Planning supports this requirement for Emergency Preparedness via technical measures that enable systems to be recovered quickly and effectively following a service disruption or declared Disaster. UIS has completed its charge for delivering a Disaster Recovery (DR) solution at an off-site location, the OSU computing facility. Furthermore, it has engaged in a larger-scoped effort of developing plans and procedures for Continuity Management, providing a technical architecture and organizational framework for Continuous Operations.

Credits

I would like to acknowledge Mark Yarnell and Rich Hawk for their significant contributions to this White Paper, and for the extended efforts of UIS staff to bring this document to life. A plan is only as good as the people committed to its execution. I am confident UIS looks forward to the day when everything goes as planned, and looks back to the day when a plan is in order.