The business impact analysis (BIA) will have identified the minimum recovery / availability requirements to support the University’s key operational processes. However, in order to determine the best strategy for responding to an incident key risks to the University also need to be identified and assessed. At the University this is achieved by drawing on the results of several pre-existing risk assessments conducted by other areas within the University. These include:
- The University’s Corporate Risk Register;
- Physical risk assessments conducted by the University’s insurers and internal Estates and Facilities service;
- Any risks identified as part of the planning process within the Schools and Directorates.
All of the accumulated information influences the approach taken in both trying to mitigate these risks and how to respond should they still occur. Ultimately this supports the University’s major operational objectives during an incident, which are:
- Ensuring student, staff and public welfare and safety before, during and following an incident;
- Protecting the University’s reputation, resources and core activities;
- Ability to communicate both internally and externally;
- Conducting core academic and research functions.
During the analysis of the BIA and any relevant risks, the University’s core dependencies will be assessed and strategies which can be implemented to recover these will be identified. These strategies will largely fall into six broad areas which will need to be protected and / or recovered:
This analysis will result in a series of strategies being devised at both a local and corporate level on how the University can respond to incidents. Meetings will be held with key members of each School/Department in order to discuss the possible strategies that would suit their needs and the needs of the University as a whole. This process will identify (amongst others) recovery teams and their roles in the event of an incident, as well as ensuring strategies are determined for each of the areas identified above. Some examples of possible strategies are listed below:
- Staff are required to perform alternative duties outside of their core activities;
- Alternative locations that will suit the needs of the department are identified;
- Manual workarounds for IT systems are developed;
- Back-up versions of key documents are produced or a ‘salvage’ list is identified;
- Alternative suppliers are identified.
If you believe that an incident is developing which involves the University, its staff or students, call Security Services:
0118 378 6300