Authors

  1. Frith, Karen H.

Article Content

The core mission of nursing education is to prepare individuals for nursing careers at entry and advanced levels. An information technology (IT) system disruption can cause a significant impact on the educational mission if software, simulation equipment, virtual simulation products, medical equipment, audio/video systems, and specialized products for testing and proctoring are not operational. Nursing programs are required to archive records by their governing bodies; these may be stored using paper, digital, or mixed systems. Securing records requires vulnerability assessments, development of redundant systems, and commitment to sustaining a ready state in case of disruption. IT systems are a critical part of a nursing program's continuity of operations plan (COOP).

 

Though an institution's IT department will develop, review, and test the IT plan for the COOP, academic leaders need to plan for the system's continuity of operations specific to nursing. If programs have decentralized IT specialists, they can advise the academic leaders. Otherwise, institutional-level experts will assist in creating the IT systems portion of the COOP. This column outlines critical elements and points to resources for more information.

 

OVERVIEW OF CONTINUITY PLANS

The US Department of Homeland Security (DHS) has toolkits and templates to create, test, and maintain a continuity plan (DHS, 2021a). The four major steps are as follows: 1) conduct a business impact analysis, 2) identify recovery strategies, 3) develop the continuity plan, and 4) conduct tests and exercises to maintain an effective plan. When applied to IT systems, the recovery of systems and data backup plans are essential.

 

Academic nursing leaders and their faculty can collaborate with IT leaders in their institutions to conduct a business impact analysis (BIA), which is an assessment of the impact of all hazards on the core mission, in this case, nursing education (DHS, 2021b). When performing a BIA, leaders discuss risks and their potential impact. A cybersecurity attack, such as ransomware, is the most likely IT system risk with a huge impact. Other attacks, such as phishing to gain access to private information or passwords, can also significantly impact an educational institution. Leaders can use DHS resources for conducting the BIA at https://www.ready.gov/business-impact-analysis.

 

RECOVERY STRATEGIES

Based on the BIA, academic nursing leaders identify the current state of internal resources to recover from a hazard. For example, they can request a summary of institution-wide recovery strategies, as well as vendor-based IT systems specific to nursing. Next, leaders perform a gap analysis to determine the resources and plans needed to fulfill system recovery requirements. The final step is implementing strategies such as digital backup of paper-based student and faculty records, imaging of software on nursing faculty and staff computers, and backup of essential databases.

 

Disaster recovery requires academic nursing leaders to implement recovery strategies. Data should be backed up as frequently as necessary to ensure that, if data are lost, student education and progression to degree completion are not hampered. IT disaster recovery plan resources developed by the DHS can assist organizations in writing IT disaster recovery procedures and documenting manual workarounds (DHS, 2021c).

 

TESTING, EXERCISES, AND MAINTENANCE

A plan is just that until it is tested. Academic nursing leaders must ensure that faculty and staff are ready to recover from an IT system disaster by including IT backup strategies in orientation for new personnel. Leaders who conduct the recommended annual vulnerabilities testing and disaster exercises/simulation (DHS, 2021c) can update their IT system disaster recovery plans using the results from testing. They are responsible for ensuring regular cycles of IT system testing, faculty and staff participation in IT system disaster exercises, and maintenance of IT systems in readiness for disasters. The following standards can be used as guidance in IT systems continuity plans.

 

* The National Institute of Standards and Technology (NIST 800-37; US Department of Commerce, 2020)

 

* DHS business continuity plans at https://www.ready.gov/business

 

* NIST Standards 800-171 for information security in higher education (Ross et al., 2021)

 

 

REFERENCES

 

Ross R., Pillitteri V., Dempsey K., Riddle M., Guissanie G. (2021). Protecting controlled unclassified information in nonfederal systems and organizations (NIST Special Publication 800-171, Rev. 2). National Institute of Standards and Technology. [Context Link]

 

US Department of Commerce National Institute of Standards and Technology. (2020, January 11). NIST SP 800-37. http://www.nist.gov/privacy-framework/nist-sp-800-37[Context Link]

 

US Department of Homeland Security. (2021a). Business continuity plan [Ready.gov]. http://www.ready.gov/business-continuity-plan[Context Link]

 

US Department of Homeland Security. (2021b). Business impact analysis [http://Ready.gov]. http://www.ready.gov/business-impact-analysis[Context Link]

 

US Department of Homeland Security. (2021c). IT disaster recovery plan [http://Ready.gov]. http://www.ready.gov/it-disaster-recovery-plan[Context Link]