If you need assistance in filling out any of this plan
Please contact Randy Jones at ext. 23868.
BUSINSS !"N#INUI#$ P%&N 'UI(%INS &N( #)P%&#S
If you need assistance in filling out any of this plan Please contact Randy Jones at ext. 23868.
Int*oduction
#he Uni+e*sity of #exas )edical B*anch and its e,ployees ha+e faced ,any disaste*s - f*o, the ./00 Sto*,1 the #exas !ity (isaste* of ./23 to hu**icanes !a*la in ./6.1 &licia in ./831 and lastly hu**icane I4e in 2008. In o*de* to ,aintain ou* status as one of the leading health ca*e institutions in the nation1 5e ,ust continue to 6e p*epa*ed fo* these and othe* potential disaste*s.
#he onset of ho,eland te**o*is, in the United States1 coupled 5ith the 'ulf !oast7s +ulne*a6ility fo* natu*al disaste*s ,a4e it essential fo* U#)B to ensu*e that plans a*e in place1 tested t*ue1 and +ia6le1 should 5e find ou*sel+es in a th*eatening situation - 6e it ,an8,ade o* natu*al.
#he*efo*e1 in *esponse to these challenges and in align,ent 5ith the 9o,eland Secu*ity &ct1 the #exas State Inf*ast*uctu*e P*otection !o,,ittee1 and State of #exas (epa*t,ent of Info*,ation Resou*ces :(IR;1 Info*,ation Se*+ices at U#)B has 6een as4ed to de+elop a ,odel Business !ontinuity Plan to assist you in de+eloping and testing 5o*4 plans fo* you* o5n a*eas. Ulti,ately1 you* plans should 6e st*uctu*ed to ,a4e it possi6le to continue to do 6usiness and function du*ing and afte* 5hate+e* c*isis ,ay a*ise.
IS 5ill also identify *esou*ces and coo*dinate the p*ocess fo* de+eloping1 testing and e+aluating these plans. !*itical functional a*eas ha+e 6een identified to pa*ticipate in this p*ocess and 5ill continue to 6e add*essed on an ongoing 6asis. #his yea*7s plan c*eation and testing 5ill include In+ision1 Signatu*e1 and PI!.
(e+eloping a Business !ontinuity Plan is a ,ulti8di,ensional p*ocess and includes a nu,6e* of phases as p*esc*i6ed 6y the (IR. #hese phases include< P*o=ect Initiation1 Business I,pact &nalysis1 Reco+e*y St*ategies1 Plan (e+elop,ent1 #esting1 and )aintenance > #*aining - all of 5hich 5ill 6e add*essed at U#)B.
It is i,pe*ati+e that each of ou* leade*s suppo*t and coope*ate in the de+elop,ent of the plans that 5ill 4eep U#)B ope*ating th*ough the ,ost difficult of ti,es. If you need assistance in filling out any of this plan Please contact Randy Jones at ext. 23868. Executive Summary
&n xecuti+e Su,,a*y of the Business !ontinuity Plan 5ill need to 6e const*ucted. #his 5ill 6e a 6*ief o+e*+ie5 of you* plan7s *eco+e*y st*ategy. #his should 6e done afte* you ha+e co,pleted section fou* :2; of this te,plate.
**** Examples from other Plans If you need assistance in filling out any of this plan Please contact Randy Jones at ext. 23868. #a6le of !ontents
.. Organizational Information of Plan
... xecuti+e Sponso*
..2 #ea, %eade*
..3 B!P P*o=ect #ea,
..3.. Select and Notify B!P P*o=ect #ea, #e,plate
..3.2 )ission !*itical &cti+ities
..2 Plan &pp*o+al
..? P*o=ect Plan
2. Objectives and Deliverables
2.... P*o=ect "6=ecti+es and (eli+e*a6les
3. Business Impact Analysis and is! Analysis
3.... Business I,pact &nalysis
3.2.2 n+i*on,ental (isaste*s
3.2.3 "*gani@ed and A o* (eli6e*ate (is*uption
3.2.2 %oss of Utilities and Se*+ices
3.2.? Buip,ent o* Syste, Cailu*e
3.2.6 Se*ious Info*,ation Secu*ity Incidents
3.2.3 "the* ,e*gency Situations
2. Business Interruption ecovery Plans
2.. Bac4up1 Reco+e*y and Resu,ption St*ategy
2.... Bac4up1 Reco+e*y and Resu,ption St*ategy #e,plate
2.2 Cacilities > ssential Buip,ent Bac4up and Reco+e*y St*ategy
2.2.. Cacilities > ssential Buip,ent Bac4up and Reco+e*y St*ategy #e,plate
2.3 (epa*t,ental and Uni+e*sity I# Syste,s Bac4up and Reco+e*y St*ategy
2.3.. (epa*t,ental and Uni+e*sity I# Syste,s Bac4up and Reco+e*y
If you need assistance in filling out any of this plan Please contact Randy Jones at ext. 23868. St*ategy #e,plate
#he xecuti+e Sponso* is the (epa*t,ental Rep*esentati+e o* '*oup that has the *esponsi6ility to ,a4e su*e that this c*itical function is deli+e*ed to the uni+e*sity. #he*efo*e it is the *esponsi6ility of the xecuti+e Sponso* to ,a4e su*e that a Business !ontinuity Plan is de+eloped1 ,aintained1 and tested.
#he xecuti+e Sponso* is *esponsi6le fo* the follo5ing< I,ple,enting the tea,1 (e+eloping a Business !ontinuity Policy State,ent1 Re+ie5ing Ris4 &nalysis1 &pp*o+ing o+e*all plan content1 Re+ie5ing all testing outco,esF and1 Re+ie5ing any changes and ,aintenance to the plan.
eturn to #able of 'ontents
2
..2 #ea, %eade*
Co* a p*o=ect of this significance and co,plexity to 6e successful1 a suita6ly Bualified #ea, %eade* 5ill need to 6e appointed. #he #ea, %eade* should possess good leade*ship Bualities1 a good unde*standing of 6usiness p*ocesses and 6usiness ,anage,ent and st*ong p*o=ect ,anage,ent s4ills.
&n alte*nate #ea, %eade* should also 6e appointed 5ho 5ould 6e a6le to ta4e o+e* the functions of the #ea, %eade* if needed.
It 5ill 6e the *esponsi6ility of the #ea, %eade* to ,a4e su*e the tea, is p*og*essing in acco*dance 5ith the P*o=ect Plan guidelines1 gi+e *egula* status *epo*ts to the Business !ontinuity Plan :B!P; Sponso*1 and o6tain app*o+al f*o, the Sponso* as needed.
eturn to #able of 'ontents 3
..3 B!P P*o=ect #ea,
#he Business !ontinuity Plan :B!P; P*o=ect #ea, ,e,6e*s should 6e selectedF pe*,ission o6tained fo* thei* in+ol+e,ent :if necessa*y;F and fo*,ally notified. ach of the ,ain 6usiness and ope*ational a*eas 5ithin the o*gani@ation should 6e *ep*esented on the B!P P*o=ect #ea,.
Rep*esentati+es f*o, each of the 4ey 6usiness a*eas should ha+e a co,p*ehensi+e unde*standing of ho5 thei* o5n 6usiness a*ea functions1 in addition to an o+e*all unde*standing of the o*gani@ation as a 5hole. ach a*ea *ep*esentati+e should 6e a6le to 6*ing to the B!P P*o=ect #ea, info*,ation on ho5 his o* he* o5n a*ea functions1 its 4ey 6usiness acti+ities o* suppo*t functions1 and its 4ey *is4 a*eas.
eturn to #able of 'ontents
2
..3.. Select and Notify B!P P*o=ect #ea,
ach of the 6usiness and ope*ational a*eas 5ithin the o*gani@ation a*e to 6e *ep*esented on the B!P P*o=ect #ea,. #he P*o=ect #ea, has o+e*all *esponsi6ility fo* the de+elop,ent and ,aintenance of the Plan. )e,6e*s of the B!P P*o=ect #ea, a*e cu**ently as follo5s<
#he follo5ing is a desc*ipti+e list of the o*gani@ation7s ,ission c*itical acti+ities andAo* c*itical 6usiness p*ocesses1 togethe* 5ith a 6*ief desc*iption of the 6usiness p*ocess and ,ain dependencies.
5E3 B*SI,ESS AEA
BIE. DES'IP#IO, O. B*SI,ESS PO'ESS $AI, DEPE,DE,'IES
eturn to #able of 'ontents 3
..2 Plan of &pp*o+al
P*ocedu*e fo* &pp*o+ing Business !ontinuity Plan :B!P; !ontent
#he*e ,ust 6e a clea* p*ocedu*e fo* adoption and app*o+al of the B!P. Updates and changes to the plan should also 6e included in this p*ocess.
#he tea, should select f*o, the follo5ing possi6le app*o+al phases.
&ppoint,ent of B!P #ea, )e,6e*s "+e*all Plan !ontent #esting Plan "utco,es !hangesA)aintenance to Plan
#he o6=ecti+es fo* the p*o=ect need to 6e clea*ly defined1 togethe* 5ith the deli+e*a6les. !oncise definition 5ill ena6le the B!P P*o=ect #ea, to focus its effo*ts on the ,ost i,po*tant issues and to ensu*e the 5o*4 unde*ta4en is *ele+ant in the context of the o*iginal p*o=ect expectations. #he depa*t,ental B!P sponso* 5ould no*,ally app*o+e these o6=ecti+es and deli+e*a6les.
Suggested Ho*ding fo* a Suita6le "6=ecti+e
#he p*o=ectIs p*inciple o6=ecti+e could 6e stated as< "The development and testing of a well structured and coherent plan which will enable the department / or function to recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts normal business operations."
#he depa*t,ent A o* function could additionally ha+e a se*ies of su68o6=ecti+es 5hich could co+e* issues such as speciali@ed *esea*ch and de+elop,ent acti+ities1 the need to ensu*e that all e,ployees fully unde*stand thei* duties in i,ple,enting such a plan1 the need to ensu*e that info*,ation secu*ity policies a*e adhe*ed to 5ithin all planned acti+ities o* the need to ensu*e that the p*oposed contingency a**ange,ents a*e cost effecti+e.
Suggested Ho*ding fo* a Suita6le %ist of (eli+e*a6les
#he deli+e*a6les1 in outline1 should consist of<
Business Ris4 and I,pact &nalysis (ocu,ented acti+ities necessa*y to p*epa*e the depa*t,ent A o* function fo* possi6le e,e*gencies :including st*ategic *eco+e*y ,easu*es; (etailed acti+ities fo* dealing 5ith the (isaste* Reco+e*y Phase P*ocedu*e fo* ,anaging the Business Reco+e*y P*ocess Plan fo* testing the Business Reco+e*y P*ocess Plan fo* t*aining the staff in the Business Reco+e*y P*ocess P*ocedu*e fo* 4eeping the Plan updated *** Examples from other Plans eturn to #able of 'ontents ..
2.... P*o=ect "6=ecti+es and (eli+e*a6les
#o ena6le the B!P P*o=ect #ea, to focus effo*ts on the 4ey issues1 and to ensu*e the 5o*4 unde*ta4en is *ele+ant to the *eBui*e,ents of the p*o=ect1 the p*o=ectIs o6=ecti+es and deli+e*a6les ,ust 6e clea*ly defined. #he (epa*t,ent A xecuti+e Sponso* is *esponsi6le fo* app*o+al of o6=ecti+es and deli+e*a6les.
OB(E'#I+ES O. B'P PO(E'#7
)ain o6=ecti+e of B!P P*o=ect<
Su68o6=ecti+es of the B!P P*o=ect<
DE-I+EAB-ES O. B'P PO(E'#7
eturn to #able of 'ontents .2
3.. Business I,pact &nalysis
#he pu*pose of the Institutional Business I,pact &nalysis :BI&; is to assist executi+e leade*ship in dete*,ining the pe*cei+ed c*iticality of disc*ete U#)B 6usiness unit entities.
Ideally the BI& should facilitate the high le+el identification of< !o,,unity i,pacts "pe*ational i,pacts Cinancial i,pacts Regulato*y i,pacts &cc*editation i,pacts P*ocess inte*dependencies (ata sensiti+ity (o5nti,e tole*ance Reco+e*y co,plexity #echnology dependencies
Cu*the*1 the agg*egated *esults of the Institutional BI& 5ill ulti,ately define p*o=ect scope fo* a su6seBuent1 ,o*e *igo*ous e+aluation of associated se*+ices and 5o*4 p*oduct. 9ence1 please co,plete all Buestions and p*o+ide as ,uch info*,ation as possi6le to ensu*e 4ey data ele,ents a*e not ,issed.
NOTE !ee footnote below for e"amples of the term department
.. (epa*t,ent #as per $%! four digit Org &'(
2. (epa*t,ent &lign,ent :as per E"ecutive )evel %eporting !tructure;< # ( 'epartment within *usiness +nit #i.e,. $O-. is a department within !upport !ervices/ a business unit within *usiness -dministration( # ( *usiness +nit within Entity #i.e., !upport !ervices is a *usiness +nit within *usiness -dministration/ an entity(
3. (esc*iption of (epa*t,ent< #0hat are your department1s primary functions and processes2 0hat services does the department provide the +niversity2(
.3 2. P*ocess "utput< #0hat primary services, work products or information created/provided is made available by your department2 )ist 3 of the most important.
?. P*ocess Input< #0hat primary services/resources does your department rely on to perform its activities2 i.e., &nformation Technology/software, special equipment information, etc. )ist up to five.(
6. #he loss of these se*+icesA*esou*ces 5ould ha+e the follo5ing cu,ulati+e effect on entity function and p*ocesses<
: ; Significant ha*, o* effect #i.e., entity/department could supply some services/resources to the university but in such a diminished capacity that services would be unacceptable( : ; )ode*ate ha*, o* effect #i.e., entity/department could supply services/resources in a diminished but acceptable capacity to the university( : ; )ini,al ha*, o* effect #i.e., entity/department could supply services/resources to the university in a 4somewhat normal5 capacity by altering processes or procedures( : ; No ha*, o* effect #i.e., entity/department could to supply services/resources in a normal manner to the university(
.2 3. #he loss of you* depa*t,ent 5ould affect the follo5ing 6*eadth of ha*,< :chec4 all that apply;
: ; Potential endange*,ent to pu6lic health o* safety #i.e., the state, community, or any subset of population served. This would include patient, student, and staff health or safety( : ; &d+e*sely i,pact 6usiness1 o* o*gani@ation1 state agency1 office1 co,,ission1 6oa*d1 uni+e*sity1 institution1 cente*1 p*og*a,1 o* othe* entity exte*nal to U#)B #i.e., would adversely impact outside entities e"ternal to +T.*/ i.e., partnerships with other universities, research that supports other businesses, etc( : ; &d+e*sely i,pact U#)B only #i.e., would only impact +T.*1s service level or integrity/reputation( : ; No ha*, o* effect :i.e.1 entityAdepa*t,ent could supply se*+icesA*esou*ces in a no*,al ,anne* to the uni+e*sity;
8. #he loss of you* depa*t,ent 5ould ha+e the follo5ing effect on U#)B ,issions :select one;<
: ; )ino* effect on one di+ision o* 6usiness unit #the loss of your department would be an inconvenience to one department or business unit of the university.( : ; )ino* effect on the institution1 so,e di+isions1 o* 6usiness units #the loss of your department would be an inconvenience to several divisions or business units of the university( : ; )ode*ate effect on so,e di+isions o* 6usiness units #the loss of your department would cause some divisions to change procedures and the way their business functions are supplied to the university( : ; )ode*ate effect on the institution #the loss of your department would cause the university to alter the way they supply normal delivery processes( : ; !atast*ophic effect on one di+ision o* 6usiness unit #the loss of your department would cause seriously affect one division/business unit1s the inability to provide normal services to the university( : ; !atast*ophic effect on the institution1 so,e di+isions1 o* 6usiness units #the loss of your department would significantly impact normal services provided by the university.(
.? /. !ould this function 6e pe*fo*,ed fo* a pe*iod of ti,e at a *educed ope*ating efficiencyJ #i.e., degraded performance such as manual versus automated process(
If yes1 fo* ho5 longJ # ( )ess than 67 hours # ( +p to 8 to 3 days # ( 9reater than 3 days # ( 9reater than 6 weeks &dditional co,,entsJ
.0. 9o5 long could you* depa*t,ent 6e completely idle /i8e80 totally lost2 6efo*e it expe*iences o* c*eates a significant ad+e*se i,pactJ #i.e., 4totally lost5 cannot perform its functions in any capacity for any reason( # ( )ess than 67 hours # ( +p to 8 to 3 days # ( 9reater than 3 days # ( 9reater than 6 weeks
&dditional co,,entsJ
... 9o5 long can the depa*t,ent continue to function 5ithout its usual auto,ated info*,ation syste,s eithe* depa*t,ental o* cent*ali@ed U#)B syste,sJ :&ssu,e that loss of these syste,s occu*s du*ing the busiest0 or pea!0 %or! period82
/ 2 %ess than 22 hou*s
#Operation of the 'epartment has an e"treme reliance on information system and requires immediate disaster recovery plans, which have been tested, for the replacement/access to either internal or centrally supported systems. / 2 Up to 3 to ? days
#The department has a significant dependence on information systems. - ma:or interruption of service delivery would occur if information systems were unavailable for 8 to 3 days. / 2 Up to 2 5ee4s
#The 'epartment has a minimal reliance on information systems and, could function in a manual mode for up to two weeks at an acceptable service level.( / 2 )o*e than 2 5ee4s
#The 'epartment process/procedures are not dependent upon information systems and can be accomplished in a manual mode for an e"tended period of time until systems become available with no impact to service delivery.(
.6 .2. In the e+ent of a significant outage o* dis*uption1 5hen is the se+e*ity of i,pact ,o*e significantJ #i.e., if an outage occurs, are some months worse than others2 some days2 some hours2(
!hec4 all that apply / 2 some months versus others / 2 some days of the week versus others / 2 certain times of the day / 2 certain times of the year
#particular week of the month, month/quarter end, fiscal year end, etc.( / 2 no particular timing of an event is significantly greater than another
.3. C*o, the list of exposu*es 6elo51 please indicate the *elati+e i,po*tance of each type to the institution using the *ating scale of 0 to .01 fo* the specific depa*t,ent.
&lso using the scale of 0 to 21 indicate the se+e*ity of each i,pact and ho5 it 5ould escalate o+e* ti,e if the depa*t,ent 5as not a6le to function.
Exposure type elative Importance Scale 9:;9
0 K no i,po*tance ? K ,ode*ate i,po*tance .0K ext*e,e i,po*tance Impact Severity Scale 9 < = 0 K no i,pact . K little i,pact 2 K so,e i,pact 3 K significant i,pact 2 K se+e*e i,pact
-ess t1an >= 1ours *p to ? to @ days &reater t1an @ days &reater t1an > %ee!s -oss of revenue"cas1 flo% #'oes your department create revenue/cash flow to the university2(
-ost discounts #0ould the loss of your department create lost discounts2(
-ost interest earned #&f your department earns revenue/cash flow, would the loss of it also create lost interest earned2(
'ontractual fines"penalty #'oes your department perform contract work2 0ould there be fines or penalties, associated with not being able to fulfill these contracts2(
.ailure to deliver services"%or! product #0ould the loss of your department result in failure to deliver services/work product to anyone2(
.3
Exposure type elative Importance Scale 9:;9
0 K no i,po*tance ? K ,ode*ate i,po*tance .0K ext*e,e i,po*tance Impact Severity Scale 9 < = 0 K no i,pact . K little i,pact 2 K so,e i,pact 3 K significant i,pact 2 K se+e*e i,pact -ess t1an >= 1ours *p to ? to @ days &reater t1an @ days &reater t1an > %ee!s -oss of customers"reduced mar!et s1are"lost opportunity #0ould the loss of your department result in the loss of customers ;i.e. patients, students, research, etc< or the loss of market share or lost opportunity2(
Interest incurred #0ould the loss of your department result in some type of interest being incurred2(
Additional costs to recover #0ould the loss of your department require additional cost from acquisition of outside services, temporary employees, emergency purchases, rental/lease fees, wages paid to idle staff, relocation e"penses, capital outlays, etc2(
-iability"potential litigation #0ould the loss of your department/function result in liability or potential litigation2(
egulatory or non: compliance violations #0ould the loss of your department violate regulatory practices resulting in the division/university being non= compliant2(
Accreditation jeopardy or violations #0ould the loss of your department :eopardi>e any institutional accreditation or violate terms of that accreditation2(
.8 .2. "pe*ational I,pacts :those i,pacts that a*e difficult to Buantify ,oneta*ily 6ut can ha+e a significant1 long8te*, effect on the institution - use sa,e scale as Buestion .3;<
Exposure type elative Importance Scale 9:;9
0 K no i,po*tance ? K ,ode*ate i,po*tance .0K ext*e,e i,po*tance Impact Severity Scale 9 < = 0 K no i,pact . K little i,pact 2 K so,e i,pact 3 K significant i,pact 2 K se+e*e i,pact
-ess t1an >= 1ours *p to ? to @ days &reater t1an @ days &reater t1an > %ee!s !o,petiti+e &d+antage !onsu,e* !onfidence Repo*ting ReBui*e,ents ,ployee )o*ale !usto,e* Se*+ice Staff Retention Eendo* Relations Ho*4 Bac4log
.?. #he loss of you* depa*t,ent 5ould *esult in lost revenue"cas1 flo% f*o, fees1 collections1 inte*est1 penalties1 gifts1 g*ants1 etc. andAo* di,inish the depa*t,ent7s cost a+oidance capacity :i.e.1 fines1 penalties1 litigation1 etc.;
(u*ing the indicated ti,e after t1e disaster1 the loss 5ould 6e<
#ime .rame )ess than 67 hours ?@3AAB @3AAB=@C. L.)8L?) L?)8 L.0) ML.0) +p to 8 to 3 days ?@3AAB @3AAB=@C. L.)8L?) L?)8 L.0) ML.0) 9reater than 3 days ?@3AAB @3AAB=@C. L.)8L?) L?)8 L.0) ML.0) '*eate* than 2 5ee4s NL?00D @3AAB=@C. L.)8L?) L?)8 L.0) ML.0)
.8. Based upon you* expe*iences and 4no5ledge of you* en+i*on,ent1 select the state,ent that 6est *eflects the vulnerability of you* depa*t,ent to a p*olonged dis*uption o* outage. #Eulnerability can be related to availability of its technology infrastructure, speciali>ed or unique equipment, or any other limiting factor.(
: ; Not +ulne*a6le #No known factors that would cause a prolonged outage.( : ; So,e5hat +ulne*a6le #There are some factors present that may cause a prolonged outage. E"perience indicates a low likelihood of occurrence.( : ; Eulne*a6le #There are factors present that may cause a prolonged outage. E"perience indicates a medium likelihood of occurrence.( : ; xt*e,ely +ulne*a6le #There are multiple factors present that may cause a prolonged outage. E"perience indicates a high likelihood of occurrence.(
./. #he *esto*ation co,plexity of a depa*t,ent is the *elati+e ,easu*e of ho5 difficult it 5ould 6e to *eco+e* the depa*t,ent to an accepta6le le+el of se*+ice follo5ing a significant dis*uption. :!o,plexity can 6e *elated to a+aila6ility of its technology inf*ast*uctu*e1 speciali@ed o* uniBue eBuip,ent1 o* any othe* li,iting facto*.; Please *ate the co,plexity of you* depa*t,ent using the follo5ing definitions.
: ; asily *eco+e*a6le #-ssumes an alternate location and required information and/or data from off= premise storage.( : ; So,e5hat *eco+e*a6le #!ome information or elements may be difficult to replace in a reasonable timeframe.( : ; (ifficult to *eco+e* #.any of the elements of your department may be difficult to replace in a reasonable timeframe.( : ; xt*e,ely difficult to *eco+e* #There are elements that would be e"tremely difficult to replicate or the timeframe is e"tremely long.( 20. (oes you* depa*t,ent c*eate1 p*ocess1 ,anage1 o* sto*e identifia6le *eco*ds on pe*sons *elati+e to confidentiality o* p*i+acyJ :chec4 all that apply;
2.. (oes you* depa*t,ent c*eate1 p*ocess1 ,anage1 o* sto*e info*,ation that 5ould 6e of co,,e*cial +alue to pa*ties exte*nal to U#)BJ :chec4 all that apply;
22. %ist and 6*iefly desc*i6e additional depa*t,ental facto*s1 issues o* conce*ns not add*essed in this su*+ey 5hich should 6e conside*ed 5hen e+aluating the i,pact of the loss of this 6usiness unit depa*t,ent. &lso1 please list additional ite,s you 5ould conside* i,po*tant fo* the de+elop,ent of *eco+e*y st*ategies and plans fo* you* depa*t,ent.
(epa*t,ent Point of !ontact< OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
(ate< OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
#han4 you fo* you* ti,e and effo*t in co,pleting this su*+ey. 2.
3.2.. Ris4 &nalysis
#he B!P P*o=ect #ea, 5ill exa,ine each potential en+i*on,ental disaste* o* e,e*gency situation including1 6ut not li,ited to1 o*gani@ed dis*uption :i.e. hu,an cause;F loss of utilities and se*+ices dis*uptionF eBuip,ent o* syste, failu*eF se*ious info*,ation secu*ity incidentsF and any othe* dis*uption caused 6y othe* e,e*gency situations not al*eady co+e*ed.
ach of the a6o+e potential th*eats1 as 5ell as any othe*s that ,ight 6e uniBue to the indi+idual depa*t,ent o* function1 ,ust 6e exa,ined in detail and an analysis de+eloped to e+aluate the conseBuences of each. ach scena*io should also 6e assessed fo* possi6ility o* occu**ence :p*o6a6ility *ating;1 possi6le i,pact :i,pact *ating; and any co,pensating cont*ols that a*e in place. !o,pensating !ont*ols a*e inte*nal cont*ols that co,pensate fo* *is4.
#he B!P P*o=ect #ea, has exa,ined each potential en+i*on,ental disaste* o* e,e*gency situation. #he focus in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.
Potential en+i*on,ental disaste*s ha+e 6een assessed as follo5s<
PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents 22
3.2.3 "*gani@ed and A o* (eli6e*ate (is*uption
#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, Qo*gani@ed dis*uptionR. #he focus in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.
PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
26
3.2.2 %oss of Utilities and Se*+ices
#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, loss of utilities and se*+ices. #he focus in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.
Potential disaste*s as a *esult of loss of utilities and se*+ices ha+e 6een assessed as follo5s<
PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents 28
3.2.? Buip,ent o* Syste, Cailu*e
#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, eBuip,ent o* syste, failu*e. #he focus in this section1 is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.
Potential disaste*s as a *esult of eBuip,ent o* syste, failu*e ha+e 6een assessed as follo5s<
PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents 30
3.2.6 Se*ious Info*,ation Secu*ity Incidents
#he B!P P*o=ect #ea, has exa,ined each potential disaste* o* e,e*gency situation *esulting f*o, se*ious info*,ation secu*ity incidents. #he focus in this section is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.
Potential disaste*s as a *esult of se*ious Info*,ation Secu*ity incidents ha+e 6een assessed as follo5s<
PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent.
eturn to #able of 'ontents
32
3.2.3 "the* ,e*gency Situations
#he B!P P*o=ect #ea, has exa,ined each potential disaste* *esulting f*o, othe* e,e*gency situations. #he focus in this section is on the le+el of 6usiness dis*uption1 5hich could a*ise f*o, each type of disaste*.
"the* potential e,e*gency situations ha+e 6een assessed as follo5s<
PI,pact Rating should ta4e into conside*ation co,pensating cont*ols that ha+e 6een i,ple,ented to lessen the se+e*ity of e+ent. eturn to #able of 'ontents 33 2.. Bac48Up1 Reco+e*y and Resu,ption St*ategies
#his section of the Plan should contain a list of the 4ey ad,inist*ation and ope*ational p*ocesses 5ith an indication of the c*iticality of the p*ocess 5ithin the dis*uption pe*iod.
It is necessa*y to esta6lish standa*d ti,e86ands fo* ,easu*ing pe*iods 5hen1 du*ing an e,e*gency1 no*,al 6usiness se*+ices could 6eco,e una+aila6le. #hese ti,e86ands a*e then applied to each 4ey 6usiness p*ocess and an assess,ent ,ade of the financial and ope*ational i,pact fo* outages.
U#)B has esta6lished th*ee ti,e86ands fo* add*essing alte*nati+e p*ocedu*es.
ScheduledA&nticipated "utage - this option assu,es that co,,unication as 6een ,ade to all depa*t,ents that do5nti,e 5ill occu* at a p*e8posted data and ti,e du*ation :this is dete*,ined 6y the depa*t,ent;.
Unscheduled "utage - Sho*t (u*ation - this option assu,es that the*e is a se*+ice inte**uption1 6ut is p*o=ected to 6e of a sho*t8te*, du*ation :this is dete*,ined 6y the depa*t,ent;.
Unscheduled "utage - %ong (u*ation - this option assu,es that the*e is a se*+ice inte**uption1 due to syste,s o* facilities1 fo* an extended pe*iod of ti,e :this is dete*,ined 6y the depa*t,ent;.
Identify the potential dis*uption and i,pact to each of these p*ocesses. &dditionally identify alte*nati+e ,ethods of handling each of these acti+ities. )anual 6ac4 up p*ocedu*es 5ill 6e de+eloped fo* &d,inist*ation and "pe*ations functions as these a*e usually *elati+ely easy to i,ple,ent 5hen I# syste,s a*e not a+aila6le. #hese can often 6e suppo*ted 6y 6usiness o* office soft5a*e p*o+iding sp*eadsheet1 data6ase and 5o*d p*ocessing capa6ilities.
#o *esu,e no*,al ope*ations it is essential to plan fo* the potentially co,plex acti+ities necessa*y to co,plete you* *eco+e*y p*ocess. "nce the e,e*gency is o+e*1 you ,ay need to t*ansition f*o, a ,anual p*ocess 6ac4 to an elect*onic p*ocess. #his ,ay in+ol+e extensi+e data ent*y and *econciling of data. In o*de* fo* this p*ocess to 6e effecti+e1 it ,ust 6e ca*efully planned and st*uctu*ed. Resu,ption St*ategy contains the fo*,at fo* *eco*ding acti+ities1 5hich need to 6e1 ca**ied out in p*io*ity seBuence and 5hich pe*son o* tea,s a*e *esponsi6le fo* co,pleting those tas4s. Hhe*e supplies and +endo*s a*e *eBui*ed to supply goods o* se*+ices1 as pa*t of the *esu,ption p*ocess then these acti+ities 5ill 6e in+ol+ed.
eturn to #able of 'ontents 32
2.... Bac48Up1 Reco+e*y and Resu,ption St*ategies
Identify each essential acti+ity1 along 5ith its potential dis*uption and i,pact of each p*ocess. &dditionally identify alte*nati+e ,ethods of handling each of these acti+ities along 5ith *esu,ption p*ocedu*es fo* *esu,ing no*,al ope*ations. ach acti+ity 5ill ha+e a sepa*ate g*id.
ESSE,#IA- A'#I+I#IES S'4ED*-ED"A,#I'IPA#ED O*#A&E &enerally E /#ime .rameFF2 *,S'4ED*-ED O*#A&E < S1ort Duration E /#ime .rameFF2 *,S'4ED*-ED O*#A&E: -ong Duration G /#ime .rameFF2 :Na,e &cti+ity 9e*e;
Potential Disruption
Potential Impact7
ecovery Strategy
esumption Strategy
eturn to #able of 'ontents 3?
2.2 Cacilities and ssential Buip,ent Bac48Up and Reco+e*y St*ategies
)any unexpected e+ents can affect facilities and essential eBuip,ent that a*e +ital to continuation of no*,al 6usiness acti+ities. #hese include fi*e1 flood1 hu**icane1 te**o*ist acti+ity1 etc. #he #ea, ,ust the*efo*e de+elop a plan of ho5 to continue to p*o+ide 6usiness se*+ices to its custo,e*s in the e+ent of a disaste*1 5hich affects eithe* its facilities o* essential eBuip,ent.
He *eco,,end that each depa*t,ent contact and 5o*4 5ith Cacilities "pe*ations and )anage,ent :20/833283?00; to o6tain alte*nati+e locations fo* conducting you* 6usiness functions.
#his section of the Business !ontinuity Plan :B!P; 5ill contain details of such a**ange,ents and an esti,ate of potential costs.
eturn to #able of 'ontents 36
2.2.. Cacilities and ssential Buip,ent Bac48Up and Reco+e*y St*ategies
)any unexpected e+ents can affect facilities and essential eBuip,ent +ital to the continuation of no*,al 6usiness acti+ities. #his plan has the*efo*e 6een de+eloped to ensu*e a continued se*+ice to custo,e*s in the e+ent of a disaste* affecting eithe* the depa*t,ent7s A o* function7s facilities o* its essential eBuip,ent.
#he depa*t,ent7s A o* function7s 6ac48up and continuity st*ategies fo* its facilities and essential eBuip,ent a*e as follo5s.
;8 .A'I-I#IES
,A$E O. .A'I-I#IES A&EED BA'5:*P A,D 'O,#I,*I#3 S#A#E&3
#+se cut and paste facility to add further entries(
>8 ESSE,#IA- ED*IP$E,#
,A$E O. ED*IP$E,# DES'IP#IO, O. ED*IP$E,# -O'A#IO, 'OS# ES#I$A#E #O EP-A'E
&g*eed Bac48up !ontinuity St*ategy
33
,A$E O. ED*IP$E,# DES'IP#IO, O. ED*IP$E,# -O'A#IO, 'OS# ES#I$A#E #O EP-A'E
&g*eed Bac48up !ontinuity St*ategy
#+se cut and paste facility to add further entries(
eturn to #able of 'ontents 38
2.3 (epa*t,ental and Uni+e*sity I# Syste,s Bac48Up and Reco+e*y St*ategies
In 'ene*al one of the ,ost i,po*tant aspects of Business !ontinuity Planning fo* the ,a=o*ity of depa*t,ents o* functions is in choosing an app*op*iate st*ategy fo* the 6ac48 up and *eco+e*y of the I#8 6ased syste,s.
In this section of the Plan1 the 4ey 6usiness p*ocesses a*e ,atched against the I# syste, and an app*op*iate ti,e f*a,e to co,plete *eco+e*y is chosen. #his section ,ay *eBui*e in8depth *esea*ch to dete*,ine the *ele+ant costs of each st*ategy. It ,ay also 6e necessa*y to p*epa*e a detailed ReBuest fo* P*oposal fo* +endo*s to esta6lish the +ia6ility and cost of the p*efe**ed st*ategic app*oach.
!onside*ation should also 6e gi+en to the i,pact of potential se+e*e da,age to 6oth facilities and co,,unication7s syste,s1 5hich could ha+e a significant i,pact on the depa*t,ent7s Ao* function7s I#1 se*+ices and syste,s.
eturn to #able of 'ontents 3/
2.3.. (epa*t,ental and Uni+e*sity I# Syste,s Bac48Up and Reco+e*y St*ategies
"ne of the ,ost i,po*tant aspects of Business !ontinuity Planning is choosing of an app*op*iate st*ategy fo* the 6ac48up and *eco+e*y of I#8 6ased syste,s. !onside*ation has 6een gi+en to the i,pact on the depa*t,ent A o* function7s I# syste,s of potential se+e*e da,age to facilities o* co,,unications syste,s.
& su,,a*y of the (epa*t,ental I# syste,s and the ag*eed 6ac48up st*ategy a*e listed 6elo5. ach depa*t,ent syste,s 5ill also need to de+elop disaste* *eco+e*yA*esto*ation p*ocedu*es. :see exa,ple of U#)B Info*,ation Se*+ices disaste* *eco+e*y docu,entation;
20 & su,,a*y of the Uni+e*sity cent*ali@ed I# Syste,sA&pplications1 5hich suppo*t depa*t,ent functions1 and the Info*,ation Se*+ices contact info*,ation. #&t is &nformation !ervices responsibility to establish back=up strategy for the &T !ystem listed below(
,A$E O. I# S3S#E$ 5E3 B*SI,ESS PO'ESS S*PPO#ED PO#E,#IA- I$PA'#
!a,pus (ata Net5o*4 !onnecti+ity fo* data accessAexchange f*o, all se*+e*s on the ca,pus. Ina6ility to accessAp*ocess data filed on any se*+e* on the ca,pus. IS 'O,#A'# I,.O$A#IO,H IS 9elp (es4 - ext 2?200
,A$E O. I# S3S#E$ 5E3 B*SI,ESS PO'ESS S*PPO#ED PO#E,#IA- I$PA'#
#he B!P P*o=ect #ea, has assessed 6oth elect*onic *eco*ds and pape* 6ased *eco*ds listed 6elo5 as 6eing +ital andAo* sensiti+e to the o*gani@ations 6usiness acti+ities. St*ategies fo* p*otecting and *eco+e*ing these docu,ents ha+e 6een *e+ie5ed and a*e docu,ented 6elo5.
Na,e of (ocu,entAReco*d B*ief (esc*iption (oes this docu,ent hold confidential o* sensiti+e info*,ation :5hat type; %ocation 9eld
Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<
Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,ageJ
Na,e of (ocu,entAReco*d B*ief (esc*iption (oes this docu,ent hold confidential o* sensiti+e info*,ation :5hat type; %ocation 9eld
Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<
Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,ageJ
22
Na,e of (ocu,entAReco*d B*ief (esc*iption (oes this docu,ent hold confidential o* sensiti+e info*,ation :5hat type; %ocation 9eld
Hhat safegua*ds a*e in place to p*otect *eco*ds f*o, da,age andAo* disclosu*e<
Hould these docu,ents need so,e type of *esto*ation in the e+ent of da,ageJ
23
2.? Dey Staff
,ployees a*e an i,po*tant and +alua6le assets 5ho in an e,e*gency 5ill assist depa*t,ent A o* function in a Buic4 *eco+e*y. )ain supplie*s of c*itical goods and se*+ices a*e also essential to continue to suppo*t *eco+e*y of 6usiness ope*ations to no*,al ope*ating ,ode.
$ou* (isaste* Reco+e*y Plan and B!P 5ill *ely p*incipally on 4ey ,e,6e*s of ,anage,ent and staff 5ho 5ill p*o+ide the technical and ,anage,ent s4ills necessa*y to achie+e a s,ooth 6usiness *eco+e*y p*ocess. #hese 4ey ,e,6e*s of ,anage,ent o* staff 5ill 6e selected and *esponsi6le fo* the i,ple,entation of the B!P in the e+ent of an e,e*gency. & 5ell8o*gani@ed and st*uctu*ed app*oach 5ill *educe the potential fo* the unexpected c*isis to 6eco,e un,anagea6le.
#his info*,ation is fo* depa*t,ental use and 5ill not 6e gene*ally dist*i6uted.
eturn to #able of 'ontents
22
2.?.. Dey Pe*sonnel
Hhen an e,e*gency occu*s it is necessa*y to ha+e access to all 4ey pe*sonnel fo* the functional a*eas and syste,s affected 6y the c*isis. #his info*,ation should 6e ,ade a+aila6le to the B!P *eco+e*y tea,s and should 6e constantly updated.
#his section of the B!P 5ill contain a list of 4ey pe*sonnel1 thei* position1 functional a*ea1 and p*ocedu*es o* syste,s fo* 5hich they a*e *esponsi6le. #his section 5ill also include no*,al and e,e*gency contact info*,ation. #his info*,ation is fo* depa*t,ental use and 5ill not 6e gene*ally dist*i6uted.
(ue to changes in pe*sonnel :i.e. att*ition1 ,o+es1 etc it is *eco,,ended that this 6e tested and updated at least Bua*te*ly.;
It is necessa*y to p*epa*e fo* e,e*gencies 5he*e the depa*t,ent7s supplies ,ay 6e dest*oyed o* uno6taina6le th*ough usual sou*ces. Such an occu**ence could1 fo* exa,ple1 6e caused th*ough fi*e o* flood da,age.
#he depa*t,ent A o* function should decide on a suita6le st*ategy to deal 5ith this situation1 5hich could include holding an e,e*gency stoc4 of supplies at an off8site location. <e*nati+ely1 the B!P could include a list of e,e*gency supplies1 5hich could 6e o*de*ed on a next8day deli+e*y 6asis. (etails of alte*nati+e supplie*s should also 6e included1 in the e+ent that you* no*,al supplie* is also affected 6y an e,e*gency.
#his section of the B!P should include info*,ation on the supplies held off8site1 togethe* 5ith a list of ite,s that could 6e o*de*ed in an e,e*gency at sho*t notice. It should also list alte*nati+e supplie*s.
eturn to #able of 'ontents 23
2.3.. !*itical Supplies
In the e+ent of an e,e*gency 5he*e the depa*t,ent7s supplies a*e dest*oyed1 6ac48up stoc4 can 6e o6tained f*o, off8site locations1 as follo5s. &lso listed 6elo5 a*e details of supplie*s 5ho can p*o+ide e,e*gency supplies on a next8day deli+e*y 6asis.
(epending upon the natu*e of the disaste*1 it is feasi6le that +endo*s of c*itical se*+ices ,ay also 6e affected. #his can affect you* o5n 6ac48up and *eco+e*y a**ange,ents 5he*e you* depa*t,ent is dependent upon a pa*ticula* +endo* fo* that *eco+e*y p*ocess to 6e achie+ed successfully. It is i,po*tant the*efo*e that you* o5n 4ey +endo* also ha+e an effecti+e B!P fo* dealing 5ith e,e*gencies. $ou should *eBuest info*,ation f*o, you* +endo*s to ensu*e they ha+e this.
#his section of the B!P should include a list of 4ey +endo*s the c*itical se*+ices they a*e supplying1 thei* no*,al contact info*,ation1 and thei* e,e*gency contact info*,ation. Cu*the* conside*ation should 6e gi+en to +endo*s 5ho 5ould 6e a6le to p*o+ide c*itical se*+ices in the e+ent of failu*e to deli+e* f*o, one of you* identified 4ey +endo*s.
eturn to #able of 'ontents 2/
2.8.. !*itical Eendo*s
%isted 6elo5 a*e the depa*t,ent A function 4ey +endo*s 5ho ,ay need to 6e contacted in the e+ent of an e,e*gency. In the e+ent of these *egula* +endo*s a*e not a6le to p*o+ide the se*+ices *eBui*ed in an e,e*gency1 an alte*nati+e list of +endo*s has also 6een identified.
&ll staff should 6e t*ained in the 6usiness continuity p*ocess. #his is pa*ticula*ly i,po*tant 5hen the p*ocedu*es a*e significantly diffe*ent f*o, those pe*taining to no*,al ope*ations. #his t*aining ,ay 6e integ*ated 5ith the t*aining phase o* handled sepa*ately.
& t*aining needs assess,ent ,ust 6e conducted to identity 5hat t*aining should 6e esta6lished. #he plan ,ust specify 5hich pe*son o* g*oup of pe*sons *eBui*es 5hich type of t*aining. It is t is necessa*y fo* all ne5 o* *e+ised p*ocesses to 6e explained ca*efully to the staff. Co* exa,ple it ,ay 6e necessa*y to ca**y out so,e p*ocess ,anually if the I# syste, is do5n fo* any length of ti,e. #hese ,anual p*ocedu*es ,ust 6e fully unde*stood 6y the pe*sons 5ho a*e *eBui*ed to ca**y the, out. Co* la*ge* o*gani@ations it ,ay 6e p*actical to ca**y out the t*aining in a class*oo, en+i*on,ent1 ho5e+e*1 fo* s,alle* o*gani@ations the t*aining ,ay 6e 6ette* handled in a 5o*4shop style.
#his section of the B!P 5ill identify fo* each 6usiness p*ocess 5hat type of t*aining is *eBui*ed and 5hich pe*sons o* g*oup of pe*sons need to 6e t*ained.
?.. #*aining &ssess,ent
5E3 B*SI,ESS AEA #3PE O. #AI,I,& ED*IED PESO,S O &O*PS #O BE #AI,ED ,O8 O. PESO,S
eturn to #able of 'ontents ?.
?.2 #*aining !o,pleted
It is i,po*tant to 4eep a *eco*d of all e,ployees 5ho ha+e 6een t*ained in the B!P P*ocess.
PESO,S O &O*PS #O BE #AI,ED 5E3 B*SI,ESS AEA #AI,ED DA#E 'O$P-E#ED
eturn to #able of 'ontents ?2
6.0 Plan #esting
&n untested plan can often 6e ,o*e of a hind*ance than help. #he a6ility of the B!P to 6e effecti+e in e,e*gency situations can only 6e assessed if *igo*ous testing is ca**ied out in *ealistic conditions. #he B!P #esting Phase contains i,po*tant +e*ification acti+ities1 5hich should ena6le the plan to stand up to ,ost dis*upti+e e+ents.
#he B!P should 6e tested 5ithin a *ealistic en+i*on,ent1 5hich ,eans si,ulating conditions1 applica6le in an actual e,e*gency. It is also i,po*tant that the pe*sons 5ho 5ould 6e *esponsi6le fo* those acti+ities in a c*isis ca**y out the tests.
In ,ost cases a ta6letop test 5ill 6e conducted. & scena*io 5ill 6e gi+en to you* B!P g*oup along 5ith Buestions that 5ill need to 6e ans5e*ed du*ing the test.
eturn to #able of 'ontents ?3
3.0 Plan )aintenance
It is necessa*y fo* the B!P updating p*ocess to 6e p*ope*ly st*uctu*ed and cont*olled. #his 5ould include an e+aluation of the (isaste* Reco+e*y Plan :I# Plan; fo* potential change due to the dyna,ic natu*e of the th*eat population and syste, configu*ation
Hhene+e* changes a*e ,ade to the B!P they a*e to 6e fully tested and app*op*iate a,end,ents should 6e ,ade to the t*aining ,ate*ials. #his 5ill in+ol+ed the use of fo*,ali@ed change cont*ol p*ocedu*es unde* the cont*ol of the B!P #ea, %eade*.
#he follo5ing fo*, should 6e used fo* the *eBuest and app*o+al of such changes. Collo5ing app*o+ed changes to the plan1 it is i,po*tant that the B!P leade*1 B!P *eco+e*y tea,1 xecuti+e Sponso* and the IR) a*e 4ept fully info*,ed.
eturn to #able of 'ontents ?2
3.. #est all !hanges to Plan
Hhene+e* the*e is a change to the B!P Plan a co,plete test should 6e ca**ied out and docu,ented.
Collo5 the app*op*iate test p*ocedu*es as outlined in Section ? of this plan.
eturn to #able of 'ontents ??
8.0 Post Incident &nalysisARepo*t
"n co,pletion of any incident1 that i,pacts you* deli+e*y of no*,al se*+ice1 the B!P #ea, should p*epa*e an incident analysis on you* B!P plan. #his is to assess the adeBuacy of the plan and any deficiencies.
#he p*incipal o+e*all o6=ecti+es in conducting the post incident analysis a*e toF +e*ify that the 6usiness *eco+e*yA*esu,ption plans a*e cu**ent and up to date1 that the *eco+e*yA*esu,ption plan pe*fo*,ed effecti+ely and *eco+e*ed the affected functions1 identify a*eas of the plan to i,p*o+e1 e+aluate the flo5 of co,,unications1 and e+aluate the effecti+eness of the plan.
?6
8.. Post Incident &nalysis
#he B!P tea, has *e+ie5ed the follo5ing incident.
(ate of incident<
#i,e< (esc*iption of incident<
Hhat c*itical functionAfunctions 5e*e inte**upted du*ing this incidentJ
(id you* B!P add*ess the *eco+e*y of the inte**upted c*itical function effecti+elyJ If not1 5hat a*eas of the *eco+e*y plan can 6e i,p*o+edJ
(id co,,unication flo5 effecti+elyJ
Hhe*e the*e any p*o6le,s getting o* *ecei+ing co,,unicationsJ
Hhe*e all phone nu,6e*s accu*ate and a+aila6leJ
?3
Hhat changes need to 6e ,ade to the B!PJ
Hho 5ill 6e ,a4ing the changes to the plansJ
Hill changes need to 6e testedJ
Hho 5ill app*o+e the changes ,ade to the B!PJ
Hho 5ill 6e *epo*ting changes ,ade to the xecuti+e Sponso* of the planJ
?8
/.0 'lossa*y of #e*,s
Act of Sabotage7 &n act of sa6otage is the deli6e*ate se*ious dis*uption of an o*gani@ation7s acti+ities 5ith an atte,pt to disc*edit o* financially da,age the o*gani@ation. Business 5ill often 6e i,,ediately and se*iously affected 6y successful acts of sa6otage. #his can affect the no*,al ope*ations and also se*+e to de8sta6ili@e the 5o*4fo*ce. &n inte*nal attac4 on the I# syste,s th*ough the use of ,alicious code can 6e conside*ed to 6e an act of sa6otage.
Act of terrorism7 &cts of te**o*is, include explosions1 6o,6 th*eats1 hostage ta4ing1 sa6otage and o*gani@ed +iolence. Hhethe* this is pe*pet*ated th*ough a *ecogni@ed te**o*ist o*gani@ation o* a +iolent p*otest g*oup1 the effect on indi+iduals and 6usiness is the sa,e. Such acts c*eate unce*tainty and fea* and se*+e to desta6ili@e the gene*al en+i*on,ent.
Act of Aar7 &n act of 5a* is the co,,ence,ent of hostilities 6et5een one count*y and anothe*. #his could ta4e the fo*, of ai* st*i4es1 g*ound st*i4es1 in+asion o* 6loc4ades. Business could 6e i,,ediately affected 5he*e they a*e eithe* located nea* the out6*ea4 of hostilities o* 5he*e they a*e dependent upon i,po*ts o* expo*ts fo* su*+i+al. )any 6usinesses do not su*+i+e a p*olonged out6*ea4 of 5a*.
Air conditioning failure7 &n ai* conditioning :&!; failu*e could ha+e se*ious conseBuences 5he*e the &! unit is p*otecting pa*ticula*ly sensiti+e eBuip,ent such as a ,ain co,pute* p*ocessing unit1 and the *ise in te,pe*atu*e could cause the eBuip,ent to fail and 6e da,aged. It can also affect the 5o*4fo*ce as conditions in 6uildings can 6eco,e ext*e,ely unco,fo*ta6le 5ith a significant *ise in te,pe*atu*es and 5he*e the staff is ad+e*sely affected. Po*ta6le &! eBuip,ent ,ay possi6le 6e used as 6ac4 up.
Alert7 & fo*,al notification that an incident has occu**ed 5hich ,ay de+elop into a disaste*.
Alternate Site7 & location 5he*e c*itical 6usiness functions can *esu,e p*ocessing in the e+ent of an inte**uption o* disaste*.
Arson7 &*son is the deli6e*ate setting of a fi*e to da,age the o*gani@ations p*e,ises and contents. &s this can cause 6oth loss of p*e,ises and loss of goods and othe* assets1 this can 6e highly dis*upti+e to the o*gani@ation.
Building denial7 &ny da,age1 failu*e o* othe* condition1 5hich causes denial of access to the 6uilding o* the 5o*4ing a*ea 5ithin the 6uilding1 e.g. fi*e1 flood1 conta,ination1 loss of se*+ices1 ai* conditioning failu*e1 and fo*ensics.
?/ Business 'ontinuity Plan7 & collection of p*ocedu*es and info*,ation that is de+eloped and ,aintained in *eadiness fo* use in the e+ent of an e,e*gency o* disaste*.
Business 'ontinuity Planning /B'P27 P*epa*ations ,ade to 4eep a 6usiness *unning du*ing and afte* a disaste*1 ensu*ing the a+aila6ility of those *esou*ces *eBui*ed to ,aintain the ongoing +ia6ility of the o*gani@ation.
Business 'ontinuity #eam -eader7 & ,e,6e* of the *eco+e*y ,anage,ent tea, 5ho is assigned the o+e*all *esponsi6ility fo* coo*dinato* of the *eco+e*y planning p*og*a, ensu*ing tea, ,e,6e* t*aining1 testing and ,aintenance of *eco+e*y plans.
Business impact analysis /BIA27 & ,anage,ent le+el analysis1 5hich identifies the i,pacts of losing co,pany *esou*ces. #he BI& ,easu*es the effect of *esou*ces loss and escalating losses o+e* ti,e in o*de* to p*o+ide senio* ,anage,ent 5ith *elia6le data upon 5hich to 6ase decisions on *is4 ,itigation and continuity planning.
Business Impact Assessment /BIA27 &s4 the follo5ing Buestions< 9o5 6ad can things getJ Hhat a*e the ,ost i,po*tant *esou*ces1 syste,s1 outputs1 and dependencies 6y 6usiness functionJ Hhat i,pact does una+aila6ility ha+eJ
'old Site7 "ne o* ,o*e data cente*s o* office space facilities eBuipped 5ith sufficient p*e8Bualified en+i*on,ental conditioning1 elect*ical connecti+ity1 co,,unications access1 configu*a6le space and access to acco,,odate the installation and ope*ation of eBuip,ent 6y c*itical staff *eBui*ed to *esu,e 6usiness ope*ations.
'ommand 'enter< #his is the location set up fo* ,anage,ent and B!P to ope*ate f*o, du*ing e,e*gency situations. #he continuity plan docu,ent and othe* needed *esou*ces should 6e ,aintained the*e.
'ommunications services brea!do%n7 )ost 6usinesses a*e fully dependent upon thei* teleco,,unications se*+ices to ope*ate thei* no*,al 6usiness p*ocesses and to ena6le thei* net5o*4s to function. & dis*uption to the teleco,,unications se*+ices can *esult in a 6usiness losing *e+enue and custo,e*s. #he use of cell86ased telephones can help to alle+iate this 6ut the ,ain *eliance is li4ely to 6e on the land 6ased lines.
'ontamination and Environmental 4azards7 !onta,ination and en+i*on,ental ha@a*ds include polluted ai*1 polluted 5ate*1 che,icals1 *adiation1 as6estos1 s,o4e1 da,pness and ,ilde51 toxic 5aste and oil pollution. )any of these conditions can dis*upt 6usiness p*ocesses di*ectly and1 in addition1 cause sic4ness a,ong e,ployees. #his can *esult in p*osecution o* litigation if ,o*e pe*,anent da,age to e,ployees7 health occu*s.
'ontrollable7 U#)B 5ould 6e a6le to exe*cise *est*aint and di*ect influence o+e* the e+ent1 *e,aining in *elati+e cont*ol of 6usiness.
60 'risis7 &n a6no*,al situation1 o* pe*ception1 5hich th*eatens the ope*ations1 staff1 custo,e*s o* *eputation of an ente*p*ise.
'ritical7 U#)B 5ould find that Buality1 se*+ice1 andAo* p*ope*ty could suffe*1 causing a change o* dis*uption in 6usiness *esulting in a ,ode*ate state of c*isis o* e,e*gency.
'ritical Business .unctions< #hose functions conside*ed essential to the ongoing ope*ation of the o*gani@ation o* 6usiness unit. !*itical functions also include anything that ,ight ad+e*sely i,pact se*+ice deli+e* o* significantly i,pai* the ad,inist*ati+e o* financial integ*ity of the o*gani@ation.
'yber crime7 !y6e* c*i,e is a ,a=o* a*ea of info*,ation secu*ity *is4. It includes attac4s 6y hac4e*s1 denial of se*+ice attac4s1 +i*us attac4s1 hoax +i*us 5a*nings and p*e,editated inte*nal attac4s. &ll cy6e* c*i,e attac4s can ha+e an i,,ediate and de+astating affect on the o*gani@ation7s no*,al 6usiness p*ocess. #he a+e*age cost of an info*,ation secu*ity incident has 6een esti,ated at S301000 and o+e* 60T of o*gani@ations a*e *epo*ted to expe*ience one o* ,o*e incident e+e*y yea*.
Devastating7 U#)B se*+ices 5ould 6e significantly deg*aded1 6ut 5ould 6e a6le to conduct 6usiness.
Disaster ecovery 'oordinator7 &cti+ates (isaste* Reco+e*y Plan. Ho*4s 5ith ad,inist*ation1 ad+iso*y co,,ittees1 and (isaste* Reco+e*y #ea, to allocate *esou*ces and coo*dinate i,ple,entation of the (isaste* Reco+e*y Plan. Se*+es as the p*i,a*y contact and coo*dinates the *eco+e*y effo*t. Insu*es that status of the *eco+e*y effo*t is co,,unicated to the app*op*iate le+els of the o*gani@ation. Insu*es that a post ,o*te, *e+ie5 is conducted and that upg*ades a*e inco*po*ated into the plan as app*op*iate.
Disaster ecovery Planning /DP27 #ypically1 the technology aspects of a 6usiness continuity plan1 to *eco+e* info*,ation syste, *esou*ces to full o* pa*tial p*oduction p*ocessing le+els in the e+ent of an extended outage. No*,ally1 info*,ation syste, *esou*ces 5ill 6e *esto*ed acco*ding to a p*io*ity indicated 6y 5hat is Q,ission c*iticalR to the o*gani@ation.
Disclosure of sensitive information7 #his is a se*ious info*,ation secu*ity incident1 5hich can *esult in se+e*e e,6a**ass,ent1 financial loss1 and e+en litigation 5he*e da,age has 6een caused to so,eone7s *eputation o* financial standing. Cu*the* types of se*ious disclosu*e in+ol+e sec*et patent info*,ation1 plans and st*ategic di*ections1 *esea*ch1 info*,ation disclosed to legal *ep*esentati+es etc. (eli6e*ate unautho*i@ed disclosu*e of sensiti+e info*,ation is also *efe**ed to as espionage.
Electrical Storms7 the i,pact of lightning st*i4es can 6e significant. It can cause dis*uption to po5e* and can also cause fi*es. It ,ay also da,age elect*ical eBuip,ent including co,pute* syste,s. St*uctu*al da,age is also possi6le th*ough falling t*ees o* othe* o6=ects.
6. Electrical po%er failure7 &ll o*gani@ations depend on elect*ical po5e* to continue no*,al ope*ations. Hithout po5e* the o*gani@ation7s co,pute*s1 lights1 telephones and othe* co,,unication ,ediu, 5ill not 6e ope*ational and the i,pact on no*,al 6usiness ope*ation can 6e de+astating. &ll o*gani@ations should 6e p*epa*ed fo* a possi6le elect*ical po5e* failu*e1 as the i,pact can 6e so se+e*e. (ata can 6e lost1 custo,e*s can 6e lost and the*e can 6e a se*ious i,pact on *e+enue. P*e8planning is essential as a *egional outage can cause a sho*tage of 6ac4up elect*ical gene*ato*s.
Epidemic7 &n epide,ic can occu* 5hen a contagious illness affects a la*ge nu,6e* of pe*sons 5ithin a count*y o* *egion. #his can ha+e a pa*ticula*ly de+astating sho*t te*, i,pact on 6usiness th*ough a la*ge nu,6e* of pe*sons 6eing a6sent f*o, 5o*4 at the sa,e ti,e. !e*tain illnesses can ha+e a longe*8te*, effect on the 6usiness 5he*e long te*, illness o* death *esults. &n exa,ple of this ext*e,e situation is occu**ing in !hina no5 5ith the epide,ic of S&RS.
EJuipment .ailure /excluding I# 1ard%are27 &ll 6usinesses *ely on a 5hole *ange of diffe*ent types of eBuip,ent in o*de* to *un thei* 6usiness p*ocesses. In ,any cases1 it is possi6le to ,o+e to alte*nati+e p*ocesses to ena6le the 6usinesses p*ocess to continue 6ut his *eBui*ed conside*a6le planning and p*epa*ation.
.ire7 Ci*es a*e often de+astating and can 6e sta*ted th*ough a 5ide *ange of e+ents1 5hich ,ay 6e accidental o* en+i*on,ental. #he i,pact on the 6usiness 5ill +a*y depending on the se+e*ity of the fi*e and the speed 5ithin 5hich it can 6e 6*ought unde* cont*ol. & fi*e can cause hu,an in=u*y o* death and da,age can also 6e caused to *eco*ds and eBuip,ent and the fa6*ic o* st*uctu*e of p*e,ises.
.lood7 Cloods *esult f*o, thunde*sto*,s1 t*opical sto*,s1 sno5 tha5s o* hea+y and p*olonged *ainfall8causing *i+e*s to o+e*flo5 thei* 6an4s and flood the su**ounding a*eas. Cloods can se*iously affect 6uildings and eBuip,ent causing po5e* failu*es and loss of facilities and can e+en *esult in in=u*y o* death.
.reezing 'onditions7 C*ee@ing conditions can occu* in 5inte* pe*iods and the effects can 6e de+astating. Hhe*e te,pe*atu*3es fall in excess of - 30 !entig*ade they can c*eate conditions1 5hich significantly dis*upt 6usinesses and e+en cause death o* in=u*y. Businesses and ho,es can 6e se*iously affected th*ough 6u*st pipes1 inadeBuate heating facilities1 dis*uption to t*anspo*tation and ,alfunctioning eBuip,ent. Ho*4 unde*ta4en outside of 6uildings in the open en+i*on,ent 5ill o6+iously 6e se*iously affected.
4ot Site7 & data cente* facility o* office facility 5ith sufficient ha*d5a*e1 co,,unications inte*faces and en+i*on,entally cont*olled space capa6le of p*o+iding *elati+ely i,,ediate 6ac4up data p*ocessing suppo*t.
4urricane7 9u**icanes a*e sto*,s 5ith hea+y ci*cula* 5inds exceeding 60 ,iles pe* hou*. #he hu**icane contains 6oth ext*e,ely st*ong 5inds and to**ential *ain. 9u**icanes can cause flooding1 ,assi+e st*uctu*al da,age to ho,es and 6usiness p*e,ises 5ith associated po5e* failu*es1 and e+en in=u*y and death. 62
Impact7 I,pact is the cost to the ente*p*ise1 5hich ,ay o* ,ay not 6e ,easu*ed in pu*ely financial te*,s.
Incident7 &ny e+ent1 5hich ,ay 6e1 o* ,ay lead to1 a disaste*.
Information Security7 #he secu*ing o* safegua*ding of all sensiti+e info*,ation1 elect*onic o* othe*5ise1 5hich is o5ned 6y an o*gani@ation.
Internal arrangement7 "the* *oo,s 5ithin the o*gani@ation could 6e eBuipped to suppo*t 6usiness functions :i.e.1 t*aining *oo,s1 cafete*ias1 confe*ence *oo,s1 etc;
Internal po%er failure7 &n inte*nal po5e* failu*e is an inte**uption to the elect*ical po5e* se*+ices caused th*ough inte*nal eBuip,ent o* ca6ling failu*e. #his type of fault 5ill need to 6e *epai*ed 6y a Bualified elect*ician and delays 5ill ine+ita6le i,pact on the 6usiness p*ocess. Hhe*e pa*ticula*ly se*ious faults ha+e occu**ed1 such as da,age to ,ain ca6les1 the *epai*s could ta4e so,e ti,e and could ha+e a se+e*e effect on the 6usiness.
Irritating7 U#)B 5ould 6e a6le to exe*cise *est*aint and di*ect influence o+e* the e+ent1 *e,aining in *elati+e cont*ol of 6usiness.
-oss of drainage " %aste removal7 #he loss of d*ainage o* 5aste *e,o+al is li4ely to cause a se*ious sanitation and health issue fo* ,ost 6usinesses. #his is li4ely to i,pact on the 6usiness th*ough the possi6le loss of its 5o*4fo*ce du*ing the pe*iod 5he*e d*ainage se*+ices a*e not a+aila6le. #his1 in tu*n1 5ill ha+e an i,,ediate i,pact on *e+enue.
-oss of gas supply7 #he loss of gas supply can 6e ext*e,ely se*ious 5he*e the 6usiness *elies on gas to fuel eithe* its p*oduction p*ocesses o* p*o+ide heating 5ithin its p*e,ises. #he i,pact that a loss of gas supply can ha+e on the p*oduction p*ocess can *esult in the 5hole p*ocess shutting do5n. #he i,pact on the o*gani@ation 5ill also 6e pa*ticula*ly acute 5he*e the loss of gas8fi*ed heating could *ende* the p*e,ises unusa6le du*ing pe*iods of lo5 exte*nal te,pe*atu*es.
-oss of records or data7 #he loss of *eco*ds o* data can 6e pa*ticula*ly dis*upti+e 5he*e poo* 6ac4up and *eco+e*y p*ocedu*es *esult in the need to *e8input and *e8co,pile the *eco*ds. #his is no*,ally a slo5 p*ocess and is pa*ticula*ly la6o* intensi+e. #his can *esult in an inc*ease in costs th*ough additional 5o*4ing hou*s and a g*eat deal of e,6a**ass,ent 5he*e info*,ation is unexpectedly not a+aila6le.
-oss of %ater supply7 #he loss of the 5ate* supply is li4ely to close do5n a 6usiness p*e,ises until the supply is *esto*ed. Hhe*e the 5ate* is used in the p*oduction p*ocess this is pa*ticula*ly se*ious. #he loss of 5ate* supply is also a health and safety issue as ,ini,u, sanita*y needs cannot 6e ,et. #his is often caused th*ough a fault in a 5ate* supply *oute o* as a *esult of a pa*ticula*ly se+e*e d*ought. 63
Island accessibility7 Since 'al+eston is an island and has li,ited accessi6ility1 access to the island 6y e,ployees1 supplies and custo,e*s 5ill need e+aluated and assessed.
I# system failure7 Hith the al,ost total le+el of dependence on I# syste,s 5ithin the +ast ,a=o*ity of 6usinesses1 a failu*e to these syste,s can 6e pa*ticula*ly de+astating. #he types of th*eats to co,pute* syste,s a*e ,any and +a*ied1 including ha*d5a*e failu*e1 da,age to ca6les1 5ate* lea4s and fi*es1 ai* conditioning syste, failu*es1 net5o*4 failu*es1 application syste, failu*es1 teleco,,unications eBuip,ent failu*es etc.
,eig1bor1ood 1azard7 & neigh6o*hood ha@a*d is defined as a dis*upti+e e+ent in the close +icinity1 5hich di*ectly o* indi*ectly affects you* o5n p*e,ises and e,ployees. &n exa,ple 5ould 6e seepage of ha@a*dous 5aste o* the escape of toxic gases f*o, a local che,ical plant. 9ealth and safety *egulations *eBui*e that the o*gani@ation ta4e suita6le action to p*otect its e,ployees. #his ,ay ha+e se+e*e dis*upti+e i,plications fo* the 6usiness pa*ticula*ly 5he*e it can ta4e so,e ti,e to clea* the ha@a*d.
Off:site location7 & sto*age facility at a safe distance f*o, the p*i,a*y facility1 5hich is used fo* housing *eco+e*y1 supplies1 eBuip,ent1 +ital *eco*ds etc.
Operational Impact7 &n i,pact1 5hich is not Buantifia6le in financial te*,s 6ut its effects1 ,ay 6e a,ong the ,ost se+e*e in dete*,ining the su*+i+al of an o*gani@ation follo5ing a disaste*.
Outage7 #he inte**uption of auto,ated p*ocessing syste,s1 suppo*t se*+ices o* essential 6usiness ope*ations that ,ay *esult in the o*gani@ation7s ina6ility to p*o+ide se*+ice fo* so,e pe*iod of ti,e.
Period of #olerance7 #he pe*iod of ti,e in 5hich an incident can escalate to a potential disaste*.
Petroleum and oil s1ortage7 Co* ,ost count*ies in the 5o*ld1 a pet*oleu, sho*tage can occu* at any ti,e. #his has a se*ious i,pact on 6usinesses as *ationing is li4ely to 6e i,posed i,,ediately affecting t*anspo*tation and the no*,al ope*ations of diesel o* pet*ol fuelled ,achine*y.
eciprocal arrangement7 &n ag*ee,ent in 5hich t5o pa*ties ag*ee to allo5 the othe* to use thei* site1 *esou*ces o* facilities du*ing a disaste*.
ecovery Point Objective /PO27 #his is defined 6y the data content o5ne* of an I# application. It is the point in ti,e that the application ,ust 6e *esto*ed to.
ecovery #ime Objective /#O27 #his is defined 6y the data content o5ne* fo* an I# application. It is the ti,e f*o, disaste* decla*ation to the *esto*ation of the application.
62 esumption7 #he p*ocess of planning fo* andAo* i,ple,enting the *eco+e*y of c*itical 6usiness ope*ations i,,ediately follo5ing an inte**uption o* disaste*.
is! Assessment K $anagement7 #he identification and e+aluation of ope*ational *is4s that pa*ticula*ly affect the ente*p*ise7s a6ility to function and add*essing the conseBuences.
is! eduction or $itigation7 #he i,ple,entation of the p*e+entati+e ,easu*es1 5hich *is4 assess,ent1 has identified.
Scenario7 & p*e8defined set of e+ents and conditions1 5hich desc*i6e an inte**uption1 dis*uption o* disaste* *elated to so,e aspect :s; of an o*gani@ation7s 6usiness fo* pu*poses of exe*cising a *eco+e*y plan :s;.
Self:service7 &n o*gani@ation o* 6usiness function can t*ansfe* 5o*4 to anothe* of it7s o5n locations.
Service -evel Agreement /S-A27 &n ag*ee,ent 6et5een a se*+ice p*o+ide* and se*+ice use* as to the natu*e1 Buality1 a+aila6ility and scope of the se*+ice to 6e p*o+ided.
Site access denial7 &ny distu*6ance o* acti+ity 5ithin the a*ea su**ounding the site 5hich *ende*s the site una+aila6le1 e.g. fi*e1 flood1 *iot1 st*i4e1 loss of se*+ices1 fo*ensics. #he site itself ,ay 6e unda,aged.
System ecovery7 #he p*ocedu*es fo* *e6uilding a co,pute* syste, to the condition 5he*e it is *eady to accept data and applications. Syste, *eco+e*y depends on ha+ing access to suita6le ha*d5a*e.
#erminal7 U#)B 5ould 6e una6le to achie+e its co*e pu*pose and una6le to conduct its ,ission
#1eft7 #his ha@a*d could *ange f*o, the theft of goods o* eBuip,ent to the theft of ,oney o* othe* +alua6les. In addition to possi6le financially da,aging the o*gani@ation1 they can cause suspicion and unce*tainty 5ith the 5o*4fo*ce 5he*e it ,ay 6e 6elie+ed that one o* ,o*e of the, could ha+e 6een in+ol+ed.
#ornado7 #o*nadoes a*e tight colu,ns of ci*cling ai* c*eating a funnel shape. #he 5ind fo*ces 5ithin the to*nado can *each o+e* 200 ,iles pe* hou*. #o*nadoes can often t*a+el in excess of ?0 ,iles pe* hou*. #hey can cause significant st*uctu*al da,age and can also cause se+e*e in=u*ies and death.
+ital ecords7 &ll data and info*,ation *eBui*ed to suppo*t 6usiness functions :i.e.1 histo*ical1 *egulato*y *eBui*e,ents including1 6ut not li,ited to1 policy and p*ocedu*es ,anuals1 input docu,ents o* data1 ,anuals fo* soft5a*e and othe* applications1 +endo*Acusto,e* lists 5ith phone nu,6e*s1 and 6ac4up tape files.; &dditionally1 these *eco*ds should 6e ,aintained off8site at a thi*d pa*ty +endo* o* co,,and cente*. 6?
Aarm Site7 & data cente* o* office facility 5hich is pa*tially eBuipped 5ith ha*d5a*e1 co,,unications inte*faces1 elect*icity and en+i*on,ental conditioning capa6le of p*o+iding 6ac4up ope*ating suppo*t.
Aor!place violence7 &cts of +iolence in the 5o*4place can affect ,o*al1 a6senteeis,1 c*eate fea* and unce*tainty and inc*ease the *ate of tu*no+e* of e,ployees. #his can ha+e a significant affect on p*oducti+ity and could also *esult in clai,s fo* 5o*4e*s co,pensation1 ha*ass,ent clai,s and a need fo* inc*eased secu*ity ,easu*es. Statistically1 this type of incident is especially p*e+alent at o*gani@ations 5hich ha+e *ecently ,e*ged o* a*e 6eing *e8si@ed o* *est*uctu*ed1 5he*e the*e a*e *egula* th*eats of indust*ial action1 o* 5he*e pe*,anent e,ployees ha+e 6een *eplaced 5ith te,po*a*y e,ployees.