Business Continuity Policy

Business Continuity Policy
Type of Policy
Administrative
kcross8
Effective Date
Review Date
Contact Name
William Smith
Contact Title
Director of Emergency Management
Contact Email
william.smith@ep.gatech.edu
Reason for Policy

The purpose of this policy is to ensure the resiliency of the Georgia Institute of Technology (Georgia Tech) and all its Units in the event of disasters, emergencies, or other interruption through continuity planning, training, and exercising.

Policy Statement

Georgia Tech Units shall develop, regularly maintain, and exercise business continuity and disaster recovery plans.

Business Continuity Planning
Each Unit shall develop, maintain, and exercise business continuity plans in the event an interruption affects their ability to continue critical functions. Such plans will be developed, maintained, and exercised through a standard system set by the Office of Emergency Management (OEM). At a minimum, OEM will ensure that the standard system for business continuity planning at Georgia Tech include the identification of critical functions and strategies for prioritizing, maintaining and/or resuming those functions. Units required to develop continuity plans will be determined and notified of said requirement by OEM with consultation from the Crisis Management Team.

Critical Functions
OEM shall establish a standard for ranking/ordering critical functions based on criticality and all Units shall use this same standard when identifying their critical functions. Each Unit shall identify and document all critical functions within their Unit and categorize those functions based on the levels of criticality established by OEM.

Mitigation Strategies
For each critical function, the Unit shall outline their strategy for operating during an interruption including alternative means of achieving the Unit function, even at reduced capacity. Such strategies should consider loss of infrastructure, loss of personnel, loss of financial resources, and dependencies. This strategy establishes the actions that a Unit or Georgia Tech shall take to mitigate losses during an interruption to that specific critical function.

Business Continuity Maintenance
Each Unit shall designate a Continuity Plan Manager to maintain their plan and coordinate with OEM on continuity matters. The Continuity Plan Manager shall verify that the Unit’s continuity plan(s) are updated at least annually, after significant real-world interruptions, and following continuity exercises. Such updates should consider changes to the Unit’s structure, functions, systems and infrastructure/equipment, and personnel. OEM will confirm that each Unit provides annual updates through regular reviews. OEM shall provide Georgia Tech leadership with an annual report on the status of Unit business continuity plans.

Business Continuity Exercises
Each Unit shall conduct and document at least one continuity exercise annually with key Unit stakeholders. The Unit Continuity Plan Manager is responsible for coordinating an internal Unit continuity exercise to include setting objectives, leading the exercise, conducting an after-action review, and incorporating lessons learned into their continuity plan. In lieu of an exercise, Units may use real-word incidents that caused an interruption to the Unit’s critical functions. Units should still document the incident with an after-action review and incorporate appropriate lessons learned into their continuity plan.

Scope

This policy applies to all Georgia Tech Units.

Policy Terms
Business Continuity An ongoing process to ensure that the necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services.

Critical Function

The essential activities performed by organizations, especially after a disruption of normal activities.
Exercise Simulation of emergency situations that validate existing plans, policies, roles, and responsibilities in a low stress environment
Interruption Any event, whether anticipated or unanticipated, that disrupts the normal course of operations.
Mitigation Strategies Strategies employed to ensure critical functions are performed even when faced with interruptions involving personnel, space, equipment, etc.
Plan Manager A person designated by the Plan Owner to coordinate, maintain, and exercise a Unit’s continuity plan.
Plan Owner A person who oversees continuity activities within their Unit.
Unit A department, school, team, or research institute identified by OEM that requires a continuity plan due to organizational or operational threshold.

 

Responsibilities

Office of Emergency Management

  • In coordination with the Crisis Management Team, establishes what Unit level is responsible for developing, maintaining, and exercising continuity plans.
  • Regularly assesses Georgia Tech’s overall organization; may designate additional Units as needed to maintain continuity plans.
  • Maintains a standard system for business continuity planning at Georgia Tech.
  • Conducts training for Continuity Plan Owners and Managers.
  • Provides subject matter expertise to Continuity Plan Managers.
  • Regularly reviews, approves, and provides feedback for Unit continuity plans.
  • Reports the status of Unit business continuity plans to Georgia Tech leadership annually.
  • Provides guidance to Georgia Tech leadership on mitigating continuity risks through planning, infrastructure improvement, staffing and/or training.

Crisis Management Team

  • Participates in annual exercises involving continuity issues.
  • Reviews the status of Georgia Tech Units’ continuity plans annually.
  • Ensures that Units with expired plans or with significant planning gaps prioritize the review of their plans and allocate appropriate resources to bring their plans into compliance.

Continuity Plan Owner

  • Designates a Unit Continuity Plan Manager.
  • Ensures appropriate priority and resources are dedicated to this effort.
  • Reviews continuity plan before submission.

Continuity Plan Manager

  • Coordinates directly with OEM on procedures for maintaining Unit continuity plans.
  • Coordinates internal plan reviews, exercises, and after-action reviews.
  • Documents the Unit’s continuity planning activities.
Policy History
Revision Date Author Description
3-08-2024 Office of Emergency Management New Policy