Business Continuity Committee May 2009 Meeting Minutes

You Are Here: NYS Forum Home > Committees/Areas of Interest > Business Continuity Committee > Meetings > May 2009 Meeting Minutes

NYS Forum Business Continuity Committee Meeting

Date: Held : 5/20/2009 @ 2:00 PM

CGI offices, Corporate Woods, Albany

From: Tom Luther and Mark Spreitzer

Discussion Topic

Farewell and Thanks to Tom Luther

Refreshments were provided to thank Tom Luther for his four years as the state co-chair of the committee as he prepares to retire from NYS employment.

If any state employees are interested to be considered as a co-chair for this committee, they should email Mark Spreitzer or Greg Benson.
mark.spreitzer@cgifederal.com

Introductions

Agencies represented:: Tax & Finance - Shelly Brosen; Dept. of State - Steve Conant; OSC - Tom Luther, Keith Farrell, Chad Erickson; CGI - Mark Spreitzer; DMV - Mary Kozlowski, Brad Hanscom; IPLogic - Scott Elliot; CIO/OFT - Alan Kowlowitz, Benita Sololowski; OTDA - Stephanie Pagnotta; DASNY - Kelly Chrzanowski

Table go-around, with updates on BC-related activities

During introductions, attendees reported on business continuity and DR related activities at their agencies.

Steve Conant said it is difficult getting executive management to focus on these issues.
OFT has conducted a review of all their COOPs since Swine Flu has erupted; Still pursuing NYAlert (version 2.0) for OFT staff; Drafted a BC/DR Policy for OFT; Pursuing an "800" number for emergency communications.
Shelly reported that budget issues have severely influenced her DR program area through the loss of staff and a reduction in the use of sending backup tapes offsite for storage. She also added that their last two exercises were cancelled.
Kelly has developed an online system for BC planning and is evaluating thumb drives for one option for storing plans. During discussion, Mark suggested looking into secure USB drives, such as Ironkey for security management of the data.
Stephanie said OTDA is using NYAlert and planning a test of the system; they are also updating plans, conducting training and participating in wide scale exercises.
Mary and Brad - DMV has been developing a competitive bid document to obtain consulting services for BC planning. It is still not clear if executives will find funding for this effort, and if not, the planning will need to be done with internal staff.

NYS Forum BCP Training Initiative

Greg Benson was at the meeting to introduce, with Tom Luther, a proposal that Greg, Tom and Mark have been developing to provide a vendor delivered BCP Training course that would be partially funded by the NYS Forum. The proposal is being developed as a partnership between the vendor, NYS Form, corporate co-sponsors and possibly SEMO. Members were asked to submit the area of focus that they would like to see provided by the training. Pending course development approval, selection of a vendor and confirming availability of a venue, Greg will finalize the funding package.

Swine Flu

Tom and Mark shared perspectives and their organization's activities related to the recent escalation of Swine Flu.

OSC has held some internal meetings to review/refresh a draft pandemic plan and discuss communications to staff, preventative measures, monitoring and potential actions to implement.

CGI has implemented their Pandemic Flu Plan, which involved the use of an internal scale for preparations, increasing frequency of meetings with HR and BC coordinators, and voluntary reporting and tracking of illness.

An important point that was shared is that organizations can and should activate their plan even if they do not have staff ill with the flu.

Contingency Planning and Management Conference review

Mark Spreitzer presented a paper at the recent CPM conference in Las Vegas and shared various insights on the conference themes and from the sessions he attended.

Themes and lessons learned included:

Public and Private partnerships are becoming a strategic focus for organizations and though there is much discussion, consistency does not currently exist. This area will become a major topic.
Pending legislation, Title IX is working is way into becoming legislation. An active debate is still at play as to if the ISO and BS25999 standards or the NFPA standards will prevail. Several sessions debated the value of legislation.
Testing, training and exercise should be developed as part of a multi-year plan with incremental objectives to help build and sustain awareness and to assist with funding objectives.
A Carnegie Mellon maturity model is being developed that will provide guidance on how to build contingency planning and resiliency into an organization. It follows the foundation of CMMi.
Vendor audits were discussed in detail, organizations should look at holding each supplier responsible for recovery as they map out their value chain and dependencies.

Action Items

Action Item

Notify Co-Chairs of suggested agenda items. Current suggestions include:

Lessons Learning on implementing NY Alert, including an overview of NY Alert as a solution compliment to existing plans
Infrastructure recovery of DR and how virtualization can play a role in helping to reduce cost, offered as a panel discussion with a few vendors
How to manage workforces in a Pandemic

Owner

Committee Members

Due Date

ASAP

Next Meeting: July 15, 2009 2:00 to 4:00 at CGI offices at 12 Corporate Woods Boulevard

Additional Documents of Reference

None