Keep School in Session – Study up on Your Business Continuity Plan

IT Risk Advisory
by Donald Eckrod III
share with a colleague Download PDF

As the worldwide pandemic continues to evolve, higher education institutions (HEIs) must evolve with it.  Over the past two years, those universities and colleges that have had business contingency plans in place prior to the onset of the pandemic have risen to the occasion. 

Unfortunately, “roughly 41% of HEIs lack a general business continuity plan for emergencies. Additionally, in universities with BCPs, 33% of the plans do not cover biological hazards and pandemic risk management, and 60% of the plans did not include conducting any advanced simulation exercises,” according to Takako Izumi, associate professor at the International Research Institute of Disaster Science, Tohoku University, Japan. 

Based on this research, it is evident that roughly one in three HEIs may have experienced a business continuity event that caused significant disruptions to in-person learning.  With that said, to most people a simple class cancellation for either a day or week may not seem like a large issue, but for most universities and major programs, losing an entire week of a class schedule can be detrimental to the professor, student and university.  This is because most classroom schedules are developed to be completed without significant interruptions.  By altering a learning program by a week or more may drive final examinations and projects into the winter or summer break (when students and professors are not typically required to be present on campus). 

Business continuity events and classroom disruptions or cancellations will have trickle-down effects across HEIs.  These trickle-down effects include strains on educational resources as a result of working into the holidays or scheduled breaks, strains on technical resources (requiring Zoom/WebEx accounts for all professors and training of students on how to use these tools) and delays in graduation and semester end dates (thus affecting employment opportunities following graduation). 

These resource restraints mentioned above illustrate the perfect scenarios to prepare for when drafting a university-wide Business Continuity Plan (BCP).  The key is to lay out a strategy in developing an HEI-related Business Continuity Plan and be mindful of the key touchpoints during the process.

According to Educause, a nonprofit whose mission is to advance higher education through information technology, “a Business Continuity Plan begins with a university-wide commitment to develop, staff, and support efforts that will be activated when circumstances clearly indicate that business has been or will be disrupted for more than a brief or acceptable time. A plan is not intended to address routine disruptions such as planned or routine maintenance. On the contrary, well-developed, and tested plans are essential during and after catastrophic events that preclude the resumption of normal business functioning within well-defined time frames.” Furthermore, a large part of the plan development process is to obtain buy-in from executive-level members of the institution because this establishes overall ownership, support and ability to design an effective BCP. 

Also important during BCP development is to understand that this is not just a technology-related plan; it is a much broader view of the functions and information resources of your institution.

The following diagram outlines the entire BCP development process: 

Business Continuity Planning diagram

A key point to remember in the BCP development process is that once a BCP has been developed and finalized, the process does not stop there.  Business Continuity Plans are living documents that must change and evolve to reflect institutional changes. To be effective, plans must be continually revised and improved to be in alignment with the current environment. A review should be conducted annually (or more frequently) to document all institutional changes that will impact the plan, including:

  • Information gleaned from recent incidents.
  • Information gleaned from plan training and testing.
  • Changes in the Business Impact Analysis.
  • Implementation of new equipment and technology.
  • Organizational restructuring.
  • Major additions or changes to facilities.

By including all the necessary BCP touchpoints mentioned above in your HEI’s BCP, your institution will be on the right track for handling a major business or operational disruption.  Whether faced with another global/regional pandemic, a natural disaster or other type of catastrophic event on the grounds of your HEI, a BCP can be enacted to begin necessary recovery efforts to bring operations back online, or at least to an acceptable level of operation.

 

Sources:

https://www.emerald.com/insight/content/doi/10.1108/IJDRBE-06-2020-0054/full/html?skipTracking=true

https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/business-continuity-and-disaster-recovery

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Cybersecurity, IT Risk Advisory, Risk Advisory/Internal Audit BY Nathan Shepler
8 Key Considerations When Reviewing User Access
read more >
IT Risk Advisory, Risk Advisory/Internal Audit, SOC 2 BY Nicholas DeLuca
SOC 2 Terminology: Vendor vs Subservice Organization vs Subcontractor vs Third Party vs Nth Party
read more >
IT Risk Advisory, Risk Advisory/Internal Audit BY Michael Sinkevich
Did Poor Change Management Contribute to the AT&T Wireless and McDonald’s Outages?
read more >
IT Risk Advisory, Risk Advisory/Internal Audit, SOC BY Anna Young
Subservice Organizations: Their Role and Impact on Your SOC Report
read more >
Cybersecurity, IT Risk Advisory BY Madeline Adamczyk
Allegheny County Marriage License Data Leak May Affect Recent Newlyweds
read more >
IT Risk Advisory BY Sean Thomas
PCI DSS v4.0 is Here…Are You Ready?
read more >
Register to receive our weekly newsletter with our most recent columns and insights.
subscribe for updates
most recent
Investment Corner with Jason & Sean: U.S. Small Cap Equities
Wealth Management
By Jason Staley | 4.23.2024

Learn more about the comprehensive history of technology and how it has directly shaped the realm of investing. ...

read more
most popular
Dynamics 365 Business Central 2024 Release Wave 1: Top 5 Features
Consulting, Digital & Technology
By Michael Scalamogna | 4.23.2024

Learn more about the top five new artificial intelligence features of wave one of the 2024 release of Dynamics 365 Business Central. ...

read more
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh
Columbus
Metropolitan Washington
Image of Prime Global Logo
follow us client portal

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×
Accept