Business Continuity
Business Continuity and Business Continuity Management
Business continuity is defined as the uninterrupted availability of all key resources supporting critical business functions. Business continuity management (BCM) is the organisational ability to plan and respond to any critical event and major disruption in order to continue operations at an acceptable level.
The University defines a critical event as an event identified as critical by the Vice-Chancellor or the Director of Property Services on the grounds that it has caused, or threatens to cause, serious harm to students, staff or visitors to the University and/or significant physical or environmental damage.
Critical events
Examples of a critical event:
- Ash effect from Volcanic eruption
- Bomb Threat
- Catastrophic failure of the data centre
- Extended loss of data network connectivity
- Fire to whole building
- Flood/weather bomb
- Gas Explosion
- Major Chemical Spill
- Major Food Poisoning Event or Infectious Disease Outbreak
- Building occupation that prevents access or service
- Pandemic
- Severe Earthquake
- Significant incident of violence (including a gun or knife attack)
- Total Prolonged Electricity Outage (greater than 4 hours)
This list is not exhaustive and a Faculty or Division may have additional risks which may need to be included in planning considerations.
The importance of Business Continuity to the University of Waikato
The Business Impact Analysis (BIA) and Critical Business Process Action Plans (Action Plans) are components of the University's Business Continuity Framework. The Framework is in place to ensure that in the event of any critical incident or major disruption to operations the University can meet its obligations with respect to the welfare of students, staff and/or visitors to the University; the protection of the University's assets; the continuity of core business and, in turn, the safeguarding of the University's reputation.
Business Continuity Planning and Management and Risk Mitigation
The Business Impact Analysis (BIA) provides the background upon which Critical Business Process Action Plans (Action Plans) are developed as it is used to identify and list critical business processes. In the analysis managers are responsible for identifying the critical business processes; the Maximum Time Outage (MTO) i.e. the maximum amount of time the Faculty/Division/Department can tolerate a disruption to the process before experiencing significant negative impacts; and analysing the impacts of a critical event to service delivery.
The BIA should identify the business goals, and define the primary business processes, the individual or group that has the responsibility for that process, any sub-processes and critical times of year that relate to the process.
Critical Business Process Action Plan
A Critical Business Process Action Plan (Action Plan) is a documented plan to assist the University to manage a serious disruptive crisis in a controlled and structured manner, with the least possible impact on stakeholders including staff and students.
The Action Plan contains information on emergency contact details, impact mitigation strategies, procedures to be implemented and communication processes to be followed. It provides a base for ensuring that considered decisions can be made and communicated effectively in times of crisis.
Process of developing a Business Continuity Plan (BCP)
The process of developing a Business Continuity Plan (BCP) involves:
- Clearly defining and understanding the critical processes that enable the Faculty, Division or Department to deliver on its strategy.
- Identifying the barriers and risks that could prevent the Faculty, Division or Department from delivering its critical processes.
- Evaluating and measuring the Faculty, Division or Departments ability to control or mitigate risk.
- Analysing the impact of a critical event on the organisational area and its primary processes.
- Documenting the necessary resources, workarounds, and alternatives which will enable the Faculty, Division or Department to recover from the critical event.
- Identifying gaps in ability to achieve critical processes and implications of those gaps.
Timeframe for the Business Continuity Planning and Management Process
There is a timeframe in which all Faculties and Divisions completed specific stages in the Business Continuity University implementation process. All areas have completed a BCP which entails a Business Impact Analysis (BIA) and accompanying Critical Business Process Action Plans (Action Plans).
Approval by the Faculty/Division at the Faculty/Division management level entails use of the approval checklist provided. Each area now need to arrange and complete an exercise to confirm the adequacy of their BCP. Six months from the date of the exercise, a review of the BCP needs to take place.
Business Continuity Planning and Management lifecycle
For Faculty and Divisions
There are five key ongoing steps in the lifecycle of Business Continuity Planning and Management for each Faculty/Division within the University:
- BCP Development which entails Business Impact Analysis (BIA) and Critical Business Process Action Plan (Action Plan) development
- Faculty/Division/Department Approval and Implementation of BCP
- Local BCP Training and Awareness
- Local Periodic Testing of BCP
- Local Reviewing of BCP
For the University of Waikato
The Business Continuity Planning and Management (BCP&M) lifecycle for the university involves each budget holder reporting on their BCP&M implementation and maintenance progress in every annual budget round and advising of resource implications.