Keep School in Session – Study up on Your Business Continuity Plan

As the worldwide pandemic continues to evolve, higher education institutions (HEIs) must evolve with it.  Over the past two years, those universities and colleges that have had business contingency plans in place prior to the onset of the pandemic have risen to the occasion. 

Unfortunately, “roughly 41% of HEIs lack a general business continuity plan for emergencies. Additionally, in universities with BCPs, 33% of the plans do not cover biological hazards and pandemic risk management, and 60% of the plans did not include conducting any advanced simulation exercises,” according to Takako Izumi, associate professor at the International Research Institute of Disaster Science, Tohoku University, Japan. 

Based on this research, it is evident that roughly one in three HEIs may have experienced a business continuity event that caused significant disruptions to in-person learning.  With that said, to most people a simple class cancellation for either a day or week may not seem like a large issue, but for most universities and major programs, losing an entire week of a class schedule can be detrimental to the professor, student and university.  This is because most classroom schedules are developed to be completed without significant interruptions.  By altering a learning program by a week or more may drive final examinations and projects into the winter or summer break (when students and professors are not typically required to be present on campus). 

Business continuity events and classroom disruptions or cancellations will have trickle-down effects across HEIs.  These trickle-down effects include strains on educational resources as a result of working into the holidays or scheduled breaks, strains on technical resources (requiring Zoom/WebEx accounts for all professors and training of students on how to use these tools) and delays in graduation and semester end dates (thus affecting employment opportunities following graduation). 

These resource restraints mentioned above illustrate the perfect scenarios to prepare for when drafting a university-wide Business Continuity Plan (BCP).  The key is to lay out a strategy in developing an HEI-related Business Continuity Plan and be mindful of the key touchpoints during the process.

According to Educause, a nonprofit whose mission is to advance higher education through information technology, “a Business Continuity Plan begins with a university-wide commitment to develop, staff, and support efforts that will be activated when circumstances clearly indicate that business has been or will be disrupted for more than a brief or acceptable time. A plan is not intended to address routine disruptions such as planned or routine maintenance. On the contrary, well-developed, and tested plans are essential during and after catastrophic events that preclude the resumption of normal business functioning within well-defined time frames.” Furthermore, a large part of the plan development process is to obtain buy-in from executive-level members of the institution because this establishes overall ownership, support and ability to design an effective BCP. 

Also important during BCP development is to understand that this is not just a technology-related plan; it is a much broader view of the functions and information resources of your institution.

The following diagram outlines the entire BCP development process: 

Business Continuity Planning diagram

A key point to remember in the BCP development process is that once a BCP has been developed and finalized, the process does not stop there.  Business Continuity Plans are living documents that must change and evolve to reflect institutional changes. To be effective, plans must be continually revised and improved to be in alignment with the current environment. A review should be conducted annually (or more frequently) to document all institutional changes that will impact the plan, including:

  • Information gleaned from recent incidents.
  • Information gleaned from plan training and testing.
  • Changes in the Business Impact Analysis.
  • Implementation of new equipment and technology.
  • Organizational restructuring.
  • Major additions or changes to facilities.

By including all the necessary BCP touchpoints mentioned above in your HEI’s BCP, your institution will be on the right track for handling a major business or operational disruption.  Whether faced with another global/regional pandemic, a natural disaster or other type of catastrophic event on the grounds of your HEI, a BCP can be enacted to begin necessary recovery efforts to bring operations back online, or at least to an acceptable level of operation.

 

Sources:

https://www.emerald.com/insight/content/doi/10.1108/IJDRBE-06-2020-0054/full/html?skipTracking=true

https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/business-continuity-and-disaster-recovery

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
What to Know About the Latest Title IX Guidance
Keep School in Session – Study up on Your Business Continuity Plan
What Evidence Is Requested During SOC 2 Audits?
How to Incorporate Cybersecurity in a SOX Framework
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×