Mission Continuity Resources and Tools: Glossary
This glossary defines some key terms and concepts that may useful in order to gain a better understanding of Penn’s Mission Continuity program. Additional definitions specific to the Shadow-Planner tool can be found in the online user guides available upon logging in to the software.
Action Plans are the sequential steps taken in case of an event or incident. An Action Plan starts with a “Trigger”, the “when”, followed by an “Action”, the “what”, followed by a “Responsibility” the “who”; and ends with “Procedure”, the “how.”
Actions are part of an Action Plan and refer to the “what”, such as, “evacuate the building when an outage occurs.”
The BETH-3 Methodology governs the way Mission Continuity Plan components are organized and recorded in Shadow-Planner. It stands for: Building, Equipment, Technology, Human Resources and 3rd Party Business Partners and Suppliers.
Briefcase is a Shadow-Planner term (and icon) that organizes various mission continuity plan components. For example, Action Plans (represented by folder icons) roll up into a departmental plan, which is represented by a briefcase icon. Multiple departmental briefcases roll up into a School or Center plan briefcase. And multiple School and Center briefcases ultimately roll up into a comprehensive University Mission Continuity plan briefcase. This organizational structure mirrors the University’s organizational structure.
Basic information about Penn’s buildings/facilities that is essential to the resumption/continuation of your unit’s most critical processes and functions. Some of this data in Shadow-Planner is regularly refreshed from the appropriate Penn systems of record to ensure data integrity and streamline the data entry process. Examples include a research laboratory or classroom in a School (Biochemistry Laboratory in the School of Medicine’s John Morgan building), or a computer room in a specific building that houses critical computing equipment (the Data Center in 3401 Walnut Street).
Business Continuity Planning (BCP)
The process of identifying, documenting, and testing procedures required to sustain an organization’s critical functions in the event of a disaster or emergency situation.
Business Impact Analysis (BIA)
The analysis undertaken to assess the impact of the loss or disruption of business functions and resources on the organization’s ability to conduct business; the activity of qualifying and quantifying information about business processes and the effect that an unplanned event may have on them, and consequently, on the business.
A Call List is used to notify staff and faculty in the case of an emergency. A common arrangement is that one person will call a small group of department members with a message, then those persons will phone other department staff and pass on the message, until finally all relevant members of staff have received the message. Plan Liaisons create Call Lists in Shadow-Planner for their organization.
Contacts are a collection of individuals’ and organizations’ names, phone numbers, addresses, etc. created in Shadow-Planner. Contacts can be internal or external to Penn. A Plan Liaison will create a list of faculty and staff Contacts for their particular department by selecting individuals from a master list of faculty and staff available in the Shadow-Planner software. This master list is regularly refreshed from the appropriate Penn systems of record to ensure data integrity and streamline the data entry process. External Contact information (e.g., for important partners or suppliers) will be entered manually.
All critical activities executed by an organization in conducting business as usual are defined as processes or functions. These processes are catalogued and categorized in Shadow-Planner using the BETH-3 Methodology. For an academic unit, this may be major advising, laboratory research, or undergraduate instruction. For an administrative area, this may be paying employees, balancing financial accounts at month-end, or providing 24x7 access to e-mail.
Critical Process Owners
Critical Process Owners are those individuals responsible for a particular business process or set of activities required to conduct critical education, research, or business at the University.
Equipment and Supplies
Necessary equipment and supplies that are essential to the resumption/continuation of your unit’s most critical processes and functions. Examples include an electron microscope in a specific research laboratory, or back-up power generator requirements for important computer systems.
Human Resources (people)
Key personnel or job functions that are essential to the resumption/continuation of your unit’s most critical processes and functions. Examples include a certain lab assistant with critical knowledge of a specific experiment, or a computer technician skilled in the recovery processes necessary to bring back-up servers online and make them accessible to users.
Processes used by an organization or unit to conduct business as usual.
The user account for accessing Shadow-Planner; the user’s login is the user’s identity in Shadow-Planner.
Mission Continuity (or Business Continuity) refers to the steps taken by an organization to ensure that critical functions, support systems and assets will be available to employees, students and suppliers in case of an emergency. Each School and Center at the University is taking part in the Mission Continuity program in order to ensure that processes and procedures are in place to aid in decision-making during an unplanned interruption of operations.
Mission Continuity Representative
A Mission Continuity Representative is designated at each School and Center to serve as the communications conduit for important Mission Continuity Program information. Mission Continuity Representatives are also the local Mission Continuity Program experts at their School or Center.
PennReady is Penn’s Crisis Management initiative, managed by the Department of Public Safety. It refers to the prevention of, preparation for, response to and recovery from any emergencies that could affect the Penn and University City communities. More information on Penn Ready is available at http://www.publicsafety.upenn.edu/pennready/
The visibility or security attribute of data entered into Shadow-Planner; the perspective defines where in the organization hierarchy the data is visible, useable and editable (NB – Penn is using only the organization perspective at this time).
A Plan Contributor assists in the maintenance of the Mission Continuity plan at a local or departmental level. Plan Contributors may inventory and contribute information on functions, systems or assets in their area. They are fully trained on Shadow-Planner and work closely with Plan Liaisons.
A Plan Liaison creates the Mission Continuity plan for a School or Center using Shadow-Planner software. Plan Liaisons are fully trained on Shadow-Planner and serve as the local software expert. There may be one or more Plan Liaisons in a School or Center.
A Plan Owner is a senior manager at the University involved at a higher level in the Mission Continuity planning process. Plan Owners may only occasionally need access to Shadow-Planner information to, for example, conduct a review or prepare a report.
A Procedure is part of an Action Plan and refers to the “how”, such as, “leave the building and assemble at the Hall of Flags.”
All critical activities executed by an organization in conducting business as usual are defined as processes; processes are the foundation of the Business Impact Analysis (BIA) module in Shadow-Planner, and are catalogued and categorized in Shadow-Planner using the BETH-3 Methodology.
- Application Process – processes which are applications used by, or provided by, an organization entity; an example could include a paid time off application where staff enter vacation and other time off.
- Business Process – processes conducted to support business as usual activities; these can be considered true business processes; examples could include conducting a research experiment or an accounts payable function within a business unit.
- Service Process – processes which are services used by, or provided by, an organization unit; an example could include internet or phone service.
Organization unit (local) definition or classification of processes; used during the creation of processes in the process library and useful in the logical grouping of processes if they are to be made available to other units as resources. An example could include Financial Applications.
The result of completing a Business Impact Analysis (BIA) assessment; the map is a hierarchical overview of a unit’s processes and dependencies on processes to support conducting business as usual.
An action plan specific to the recovery of a system, application, or service; such as the steps required to resume a laboratory experiment after a power outage.
Recovery Point Objective (RPO)
The point in time as determined by the business (e.g. end of previous day’s business) to which systems and data must be restored after an outage.
Recovery Time Objective (RTO)
The time within which applications and data which support a process should be restored (e.g., within one hour).
A process or data made available to other units in an organization for completing a Business Impact Analysis (BIA) assessment.
The definition or classification of resources which are made available to other units in Shadow-Planner; useful in logical grouping of resources managed and provided by an organization unit to other units.
Responsibility is part of an Action Plan and refers to the “who” such as, “the designated team leader.”
Shadow-Planner (by Office Shadow, Inc.) is the database-driven, online tool chosen by the University for mission continuity planning and management and specially configured for Penn.
A tabletop exercise provides a practical check of procedures to follow should a particular event occur. Participants, including Plan Liaisons, Contributors, and other stakeholders that put together a department’s mission continuity plan, use a tabletop exercise to test notification (contact lists and call trees), recovery management, tasks and responsibilities as well as overall communications. A tabletop exercise allows a department to test critical to-do lists, call trees and planning documents to ensure every scenario has been covered and that information is up to date and correct. It is an important step in the continuous improvement activity, particularly as business functions change over time.
Key technology and systems that are essential to the resumption/continuation of your unit’s most critical processes and functions. Examples include a Blackboard site for a class, or enterprise-wide technology like the University’s Payroll/Personnel system, PennNet, or e-mail.
Key third-party partners or suppliers that are essential to the resumption/continuation of your unit’s most critical processes and functions. Examples include an external vendor that supplies specific laboratory animals with a special food diet or an internal administrative center, such as Information Systems and Computing, that supplies an organization’s primary e-mail system.
Triggers are part of an Action Plan. A trigger is an event, the “when”, that sets an Action Plan in motion, for example, “when a building outage occurs due to a fire or flood.”
Vital documents are records essential to the continued functioning or reconstitution of an organization during and after an emergency. They include those records essential to protecting the rights and interests of that organization and of the individuals directly affected by its activities. Examples at the University include gift agreements and research contracts.