Action Item: An action item is something that could be done now (or anytime before disaster strikes) to make your organization more prepared. Action items can be big or small, costly or costless, within the scope of your department to perform, or outside your scope. Taken together, a department’s action items comprise a to-do list for readiness.
The typical Action Item begins with a verb and can be stated in one sentence. Some examples:
- Install hurricane wind protection shutters in all department laboratories.
- Develop a plan for redeploying nursing staff to critical areas.
- Cross-train two staff members to handle payroll & purchasing.
- Contract with a repository for emergency sample evacuations.
Broadband Connection: Broadband describes an Internet connection that is faster than dial- up. The usual at-home broadband connections are DSL (telephone) and cable.
Centrally-Owned Application: A centrally-owned application is a computer application or system whose technical owner is the central IT department. (The functional owner of the application could be any department.)
Clustered Departments: Departments that share administrative staff.
Consequences: For the purposes of continuity planning, harmful consequences of slow recovery may impact the Critical Functions of a department, such as disruption of teaching and departure of faculty and students.
Continuity Plan: Continuity planning addresses the question: how can we prepare to continue operations despite those adverse events that we call disasters – or if we can’t continue, how can we resume our operations rapidly and gracefully.
The mission of higher education is teaching and public service; many institutions add research and patient care. These four enterprises, along with the infrastructure that supports them, are the focus of our continuity planning. A departmental continuity plan:
- Identifies your department’s critical functions
- Describes how you might carry on these functions under conditions of diminished resources (diminished staff, space, equipment, or IT infrastructure)
- Contains various information that will be needed during and after the disaster event
- Describes how we can prepare. This is most important of all, because "a stitch in time does indeed save nine." A good continuity plan will identify action items: things that we can do now to lessen the impact of disaster events and make it easier to recover
Cost Center: An accounting term denoting a department that incurs costs but does not directly produce revenue.
Critical Function: A Critical Function is an activity that is essential to the core mission of the organization. For disaster planning, a Critical Function is one that must be continued through disaster, or resumed soon after a disaster-event, to ensure either the viability of the organization, or its ability to serve its customers.
The methodology used in this planning tool defines four levels of criticality:
- Critical 1: Must be continued at normal or increased service load. Cannot pause. Necessary to life, health, security. (Examples: inpatient care, police services).
- Critical 2: Must be continued if at all possible, perhaps in reduced mode. Pausing completely will have grave consequences. (Examples: provision of care to at-risk outpatients, functioning of data networks, at-risk research)
- Critical 3: May pause if forced to do so, but must resume in 30 days or sooner. (Examples: classroom instruction, research, payroll, student advising)
- Deferrable: May pause; resume when conditions permit. (Examples: elective surgery, routine building maintenance, training, marketing)
Data-Gathering Form: A data-gathering form is used to collect information for later entry into a database. Examples are:
- Templates for taking hand-written notes while interviewing a subject.
- Paper survey instruments.
- Substitute paper forms that are kept available for use during periods when a computer system is down.
Departmentally-Owned Application: A departmentally-owned application is a computer application or system whose technical owner is your department or another department (but not central IT).
Documents: For continuity planning, you will identify any documents that are very important to a particular Critical Function. They can be individual documents (such as policy manuals) or sets of records (such as patient files, research files, vendor invoices, etc.). The documents listed under Critical Functions may be paper or electronic. Do not include records that are stored within a database application such as financial system, an HR system, a medical records system, etc. These will be treated elsewhere.
Downstream Dependency: A downstream dependency is a department that depends on your department. If your department fails to perform, the ability of the downstream department to carry out its mission will be seriously impaired. If, for example, your department does scheduling of nursing staff, the inpatient and/or clinical units will be among your downstream dependencies.
Emergency Contact List: List of all people in your unit, and perhaps some outside your unit, whom you might want to contact during and after a disaster-event. The list should include home address, home phone, personal & work cell phones, personal & work email addresses, plus any other available means of contact. The list should be kept on paper, and stored in multiple locations by multiple people. It should be updated at appropriate intervals.
Function (normal): These are functions that a unit normally performs. Here are some typical examples:
- laboratory research
- classroom instruction
- non-elective surgery
- paying employees
- inpatient care
- course scheduling
- providing meals
- facilities repair
- pharmacy services
- grant accounting
Functional Owner: The functional owner of an IT application is the unit that governs the design (and often the use) of the application. When an application implements a business process, the unit responsible for that business process is typically regarded as the functional owner of the application. Modifications to an application must be authorized by the functional owner (but are implemented by the technical owner). For example, the Admissions Office would typically be the functional owner of the on-line admissions system. The technical owner might be the Central IT department, or could be the Admissions Office itself if it has its own IT person or section.
Offsite Storage: Offsite storage refers to the storage of tapes, disks, paper documents and other materials at a location far enough from an organization’s operating location that a disaster-event at one location is not likely to impact the other location.
Onsite Storage: Onsite storage refers to the storage of tapes, disks, paper documents and other materials at an organization’s operating location, rather than elsewhere. Onsite storage of backups is adequate for protection against some types of disasters, and is less expensive and more-quickly-accessed than offsite storage. For more valuable and less-replaceable items, offsite storage becomes desirable.
Peak Periods: These are months when you would expect there to be especially high activity involved in accomplishing a Critical Function. This might be a peak workload period such as the annual fiscal closing for accounting functions; or it might denote activities that happen only at certain times - such as course-registration that happens once per semester.
Sponsor: Sponsor refers to an agency or organization that provides grant funding for research projects.
Technical Owner: The technical owner of an IT application is the unit that has top-level administrator and programming access, implements any modifications, and troubleshoots and fixes any technical problems.
Upstream Dependency: An upstream dependency is a department that your department depends on. If the upstream department fails to perform, the ability of your department to carry out its mission will be seriously impaired. For example, the central IT department is typically an upstream dependency of most other departments. The sponsored projects office (grants office) is an upstream dependency of the research enterprise. The food services department is an upstream dependency of inpatient units.
Virtual Private Network (VPN): VPN is a technology that enables a user to establish a secure connection with a remote network. For example, a VPN connection allows a user at home to connect to the campus network, access files and applications, and work from home. An advantage of the VPN connection is that one’s office computer need not be running. A disadvantage of the VPN connection is that files stored on the user’s office computer (i.e., on the office computer’s local hard drive) will not be accessible; and client-server applications will function only if the user has pre-installed the “client” software on her home computer.
Windows Remote Desktop: Windows Remote Desktop is a technology that enables Windows computer users to log into and operate their computer, via the Internet, from a remote location. It is commonly used by employees to operate their office computers either from home sitting at their home computer, or from any other location sitting at a laptop or desktop machine. A limitation of the windows remote desktop technology (for disaster recovery) is that the office computer must be powered and running.