NYS Forum Business Continuity Committee Meeting
(http://www.nysforum.org/committees/businesscontinuity/)

Date: Held 6/18/2008 @ 2:00 PM Keane Office
From: Tom Luther and Chris Lloyd

Discussion Topic

Attendance

Attendants, and the agencies or organizations they represent:
Tax & Finance - Janine Messina, Shelly Brosen and Sandy Davis
OFT - Benita Sokolowski
OSC - Tom Luther, Chad Erickson
Keane - Chris Lloyd (via phone)
Dormitory Authority - Kelly Chrzanowski
Dept. of Labor - Steve Koslowski
CGI - Mark Spreitzer (via phone)

Table go-around, with updates on BC-related activities

Key resources Identified:
DRI Generally Accepted Business Continuity Practices:
http://www.drj.com/GAP/

NIST Document 800-34:
http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf

NIST Document 800-30:
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
 
  • Benita from OFT said there was little new to report, as a new management team was still prioritizing and reorganizing at the agency. She said she's awaiting a reply about the COOP plan she submitted for approval. A new management-level person has joined OFT who she hopes will provide new guidance in this area.
  • As an aside, Benita said DRI International has released something called the "Generally Accepted Business Continuity Practices" and posted them to its website. (See Key resources Identified.)
  • Kelly said the Dormitory Authority has set up an account and is investigating using the private-message feature of NY-ALERT. Others at the table expressed an interest in NY-ALERT, which Tom Luther said OSC is also examining as a way of communicating with employees.
  • Sandy Davis formerly worked on disaster recovery for DTF and said she's now working with IBM's Tivoli systems management platform at DTF.
  • Steve, the internal control officer from DOL, said he's working with a newly hired vendor to develop an all-division, agency-wide COOP. DOL's 18 divisions - including the important Unemployment Insurance unit - will be divided into three groups for this implementation.
  • Mark Spreitzer of CGI provided some guidance on a question raised about the difference between COOP and BCP planning methodology. He said a pair of documents from NIST (the National Institute of Standards and Technology) would prove useful for the Committee. One, NIST Document 800-34 Figure 2-2, offers a good illustration of the relationship between a COOP and the other components of a BC Plan. It has been reproduced at the end of these minutes.
  • The other, Document 800-30, is the "Risk Management Guide for Information Technology Systems."
  • Susan from DOS said a deputy Secretary of State has an interest in D.R., and she suspects the woman could easily become the agency's D.R. "champion." Tom Luther then spoke about the importance of having executive-level champions for BC.
  • Janine from DTF said they've just finished distributing BCP plans for their district offices. They're now getting ready for a tabletop exercise planned for early July with one of the district offices.
  • Shelly, the DR manager from DTF, said she's using LDRPS (Strohl's Business Continuity Planning software), and DR testing has brought up many questions, which she's now trying to address.

NYS OSC BC Audit

  • Tom Luther shared some of the general findings of the audit OSC conducted in 2007 of Selected State Agencies on Business Continuity practices. This report will be issued within the next week or so.
  • Some of the findings contained in the final draft report are: there is disparity among agencies in their level of BC/DR planning; although many agencies indicated they have plans in place, the incompleteness and content of those plans were of concern; and a core problem is that no one agency is responsible for overseeing the BC/DR process at State Agencies. The report also included a recommendation that NYSEMO play a stronger oversight, coordination and assistance role for individual agency plans.

NYS OSC Advanced Tabletop Exercise wrap-up

  • Tom Luther and Chad Erickson discussed the advanced tabletop exercise at OSC on 6/10/08, and shared some of the general lessons learned from the endeavor, including the importance of communication and of having checklists which decision-makers can use during unplanned emergency incidents.

Action Items

Action Item: Tom Luther and Chris Lloyd discussed the idea of bringing more I.T.-related components into the NYS Forum and will pursue this in the near term.
Owner: Committee Members
Due Date: Soon

Action Item: Tom asked attendees to think about how to respond to a pending request he will send to capture Disaster Recovery Practices that are conducted at your agencies. Tom will share a draft document in the hope that Committee members can build upon it to create a general list of DR practices to share with all.
Owner: Tom Luther
Due Date: Pending

Next Meeting: The next meeting is planned for Wednesday July 16 at the Keane Office from 2 to 4:00.

Additional Documents of Reference

Interrelationship of Emergency Preparedness Plans
(from NIST Special Publication 800-34, "Contingency Planning Guide for Information Technology Systems")