NYS Forum Business Continuity Committee Meeting

Date: Held 2/18/2009 @ 2:00 PM
CGI office
From: Tom Luther, Chris Lloyd and Mark Spreitzer

Discussion Topic

Agencies represented:
  • Tax & Finance - Shelly Brosen, Don Bulson, Janine Messina
  • OSC - Tom Luther
  • State Police - Scott Wilcox
  • Health Department - Jeanne Behr, Becky Hathaway
  • CGI - Mark Spreitzer
  • DOS - Steve Conant
  • SED - Ken Mason
  • Labor - Shelly Teleporos
  • OCFS - Pam Knowles
  • OFT - Benita Sokolowski, Alan Kowlowitz

Table go-around, with updates on BC-related activities

During introductions, attendees reported on business continuity and DR related activities at their agencies.

  • Don Bulson from Tax & Finance said they recently conducted a tabletop exercise with a section of a Bureau and are revising that plan accordingly and planning additional exercises.
  • Shelly from Tax reported their fall 2008 DR test at their hot site was canceled for budgetary reasons and they hope to resume that testing in the spring.
  • Tom Luther reported they are developing a Disaster Recovery Plan document and planning some exercises but are meeting some "competing priority" challenges due to the poor fiscal environment.
  • Ken Mason reported that SED has some initiatives underway. EMC is preparing a DR plan for them on 10 of their IT systems; they also have a contract with a local company for alternate data center space but progress has hit a snag with DOB approval of some required expenditures for this project; to enhance their communications capabilities, they are seeking options for a phone bridge that provides weekend coverage.
  • Pam reported that OCFS conducted a large-scale exercise, facilitated by a consultant, in 2008 and expects to conduct another similar event in 2009. They were working with OFT on a DR plan but that is now on hold.
  • Scott Wilcox indicated that the State Police have much they should be doing but he has not been directly involved so is not sure of the status of some of their activities.
  • Benita and Alan of OFT said they conducted tabletop exercises with 24 of their 25 COOPs in 2008. They hope to conduct a functional exercise in 2009. They are also investigating establishing a private account with NYAlert which will enable them to issue alerts to their own staff. They reported that OFT has initiated a process to prioritize platforms and applications they support for disaster recovery based on information they obtain in the annual technology reports submitted by agencies.
  • Steve from DOS indicated his goal is to update their BIA this year.
  • Becky and Jeanne from DOH reported they had planned to conduct tabletop exercises in the fall but fiscal-related priorities put them on hold. They are continually in the process of updating their COOP database, which is actually performed by the responsible business units in their Lotus Notes database.

Exercise Workshop

The group participated in a discussion-based workshop to identify various aspects and elements associated with planning and conducting emergency response, business continuity and IT Disaster Recovery related exercises.
SEE NOTES BELOW

Other matters

  • The next meeting will be held at 12 Corporate Woods Blvd, Suite 201 on Wednesday, February 18 from 2 to 4:00 pm.

Action Items

  • Action Item: Committee members should feel free to inform other BC planners to become members.
    Owner: Committee Members
    Due Date: Ongoing
  • Action Item: Develop an agenda item for a future meeting on identifying mission critical functions in an organization.
    Owner: Mark, Tom
    Due Date: Future meeting

Next Meeting: The next meeting is planned for Wednesday February 18 in Building 12 of Corporate Woods, in the CGI office (second floor) from 2 to 4:00 PM. The agenda will be announced in advance.

Additional Documents of Reference

Notes from the meeting:

We identified phases of the exercise lifecycle including Plan, Develop, Design, Conduct and Evaluate. We primarily focused on the first three phases and will continue this dialog at the next meeting.

Helpful Hints and Attributes of Exercise Planning

  1. In general, you must have a completed plan in place that forms the basis of your exercise.
  2. There are seven types of exercises that fall into two categories: discussion-based and operations-based. See HSEEP terminology at https://hseep.dhs.gov/pages/1001_About.aspx#Terminology
  3. Exercises should be repeatable and placed on annual program schedules to enhance their acceptance and buy-in.
  4. Phases of the exercise lifecycle include Plan, Develop, Design, Conduct, Evaluate and Improve.
  5. Numerous exercises can present resource challenges for the exercise team and you may need additional resources to properly address all the phases.
  6. Exercise goals should be clearly defined and agreed to by all parties.
  7. The scope of an exercise must be clearly defined: not too large (ramp up to larger scale exercises); limit initial exercises to one or two bureaus rather than many; involve mission critical functions; know your resource requirements.
  8. The design and planning must involve participants and exercise staff.
  9. You will need a facilitator and evaluators.
  10. Exercises generally require both a participant guide and a facilitator guide.

Key reference material for planning and conducting exercises can be found at:

The Homeland Security Exercise and Evaluation Program (HSEEP) was developed in 2002 by the U.S. Department of Homeland Security. It is a capabilities and performance-based exercise program that provides a standardized methodology and terminology for exercise design, development, conduct, evaluation, and improvement planning. https://hseep.dhs.gov/pages/1001_HSEEP7.aspx

and,

National Institute of Standards and Technology Publication 800-84, Guide to Test, Training and Exercise Programs for IT Plans and Capabilities, at http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf