Implementing a Business Continuity Program at University of Kentucky

Implementing a Business Continuity Strategy at the Department Level

Nathan Brown, Administration Major Laurel Wood, Business Continuity Coordinator BCP Video on this slide (too large to email)

University of Kentucky Hazards • Naturally Occurring Events – Tornado, Ice Storm, Flood • Technologic Events – Power Outage, Communications Failure • Man-Made Events – Terrorism, VIP Situation, Civil Disturbance • Hazardous Materials – Chemical or Radiologic Exposure or Terrorism

Authorities UK’s BCP template was developed in accordance with recommendations and guidelines from: • The Homeland Security Act of 2002 • The National Security Act of 1947 • Federal Continuity Directive 1 • Continuity Guidance Circular 1 • Incident Command System (ICS) • National Incident Management System (NIMS) Business Continuity / Continuity of Operations

Having a Business Continuity Plan can help ensure:

• Prepared to respond to various types of operational interruptions; • Emergency delegation of authority and a line of succession; • Safekeeping of essential personnel, resources, facilities, and vital records; • Emergency acquisition of resources necessary for business resumption; • The capability to perform critical functions remotely until resumption of normal operations; • Establish training and exercise needs.

Organizational Impact

• 59%... Business leaders have experienced crisis at current or former company

• 32%... of those crises led to drop in revenue

• 24%... led to cutbacks or layoffs

Businesses Following a Disaster • 25% Never reopen • 80% Likely to go out of business • 75% Fail within 3 years

• 82% Impact Mitigated • 74% Continue delivering key products & services

Source: Business Continuity Institute, 2012 Why should Campuses have a BCP?

• Academic Portfolio • Intellectual Capital • Research Enterprise • Infrastructure – Existing & Future • Institutional Branding • Retention • Extension Services – Faculty & Students • Public Service Role • Reputation – Special Events • Health Care • Donations • Confidence – Development – Students, parents, faculty, • Funding funders, etc. – Grants / Revenue

$3 Billion Annual Budget • State appropriations from the Commonwealth • Tuition dollars assessed to our students • Grants and contracts and the associated Facilities and Administrative Costs • Fees • Gifts • Endowment income • Sales and service • Clinical revenue

Business Continuity Planning Is:

• Department decision-making • Individualized • Do-It-Yourself • Thought-Provoking • Not Time Consuming • Well Maintained / Evolving Business Continuity Planning Is Not:

• Risk Management • A Position • An Emergency Operations Plan (EOP) • A Building Emergency Action Plan (BEAP) • Uniform across departments

Where do the plans fit in?

Building Emergency Action Plan

Critical Essential Recover as Needed 0-12 hours 12 hours -30 days 30 days +

Event ...... Business Continuity Plan...... Phase I: Readiness & Preparedness

• Department Identification • Department Functions • Human Capital • Leadership Phase II: Activation & Relocation (0-12 Hours)

• Communication • Staff Readiness • Continuity Facilities Communication • UK ALERT

• UK NOW

• Other systems used to contact employees: – Phone (Voice/Text) – Pager – Email – Call Tree – Department Website – Instant Messaging – Social Media (Facebook / Twitter) – Other

Phase III: Continuity of Operations (12 hours – 30 Days or until resumption of normal operations)

• Records Management / Information Technology • Dependencies Records Management & Information Technology • Vital Records • Hard Copy / Electronic Copy Locations • Responsible Contact • Level of Confidentiality • Record Retention Policy • Full & Incremental Backups! • Virtual Office & Telework Operations Phase IV: Reconstitution (Recovery, Mitigation and Termination)

• Devolution of Control • Test, Train & Exercise • Plan Maintenance Plan Maintenance • Tabletop discussions, drills, functional exercises • Evaluations provide gap-analysis • Ensure it complements the EOP • Continues to align with University goals & mission • Annual and periodic reviews (post-incident) • Key position is added, removed or changed

Administration / Main Building Offices • Ground Floor • Second Floor – Legal Counsel – V.P. University Relations – Senate Council – V.P. Research and Graduate – Equal Opportunity/ Studies Affirmative Action – Institutional Planning and – University Self-Study Budget – Academic Affairs – Asst. V.P. to President • First Floor – Information Systems – Office of President • Third Floor – Vice-Chancellor, Lexington – Internal Audit Campus – University Architect – V.P. Fiscal Affairs

[Photo by Steve Stahlman]

Fire crews work to put out the blaze. [Photo by Steve Stahlman]

View from the back of the building showing fully engulfed 2nd and 3rd floors. [Photo by Steve Stahlman]

View looking down from 18th Floor Patterson Office Tower. Conservation Librarian Whitney Baker and UK Records Program Director Tom Rosko review preparations for entering the building. 2nd floor Office of Vice President for University Relations. 2nd floor Office of Vice President for University Relations Ground floor office. To save time, file cabinet drawers were removed and placed in the truck for shipment to the drying center, rather than the contents being re-boxed. 1st floor, Office of the President. Multi-colored mold growth in corner. Ground floor office. Mold growth on walls, water collected in ceiling tiles. Reconstruction Winter Storm 2016

• 8” – 12” Snow

• Classes cancelled Friday, Jan 22nd

• “Designated Employees” report

• UK Healthcare fully operational

Communication / Planning • Facilities / Physical Plant • Sidewalks / Parking Lots

• Priority Dining Locations

• UK Healthcare • Overnight staff accommodations • 183 escorts

• Residence Life Directors • Resources avail for students • Trapped vehicles

Returning to Normal Operations

• 8 slips, trips and falls worker’s comp claims

• Snow storage

• Public transportation

• Roof leaks / Pipe bursts?

• Sunday 10AM: normal operations

BCP Deliverables

• Critical Operations?

• Impact of Downtime?

• Negative Impact on Operations?

• Important infrastructure components and data?

• Who is most critical?

• Highest risks?

Contact Information

Nathan Brown Administration Major [email protected] 859-218-2305

Laurel Wood Business Continuity Coordinator [email protected] 859-257-6655