
APPENDIX C-26

CONTINGENCY PLAN

OMB A-130, "Management of Federal Information Resources," appendix III, "Security of Federal Automated Resources," requires the preparation of plans for general support systems and major applications to ensure continuity of operations. The purpose of preparing for contingencies and disasters is to provide for the continuation of critical missions and business functions in the event of disruptions. The preparation for handling contingencies and disasters is generally called contingency planning, although it has many names (e.g., disaster recovery, business continuity, continuity of operations, or business resumption planning). A contingency plan, which consists of an emergency response plan, a backup operations plan, and a post-disaster recovery plan, must be prepared for all general support systems. A contingency plan consisting of a backup operations plan and a post-disaster recovery plan must be prepared for all major applications. Typically, the major application contingency plan identifies the critical business functions needed to ensure the availability of essential services and programs, while the general support system contingency plan ensures the continuity of operations. Organizations whose major applications process at a general support facility should work with the facility management to develop a plan for post-disaster recovery (i.e., which applications should be restored first).

A contingency plan for general support systems describes the appropriate response to any situation that jeopardizes the continuity of information processing and/or telecommunications services. The plan is a series of written action items that document the process to be followed to support critical applications in the event that they are interrupted or destroyed. It provides an alternative means of automated processing or manual support during a disruption. Post-disaster recovery plans are detailed plans that provide for the orderly restoration of the general support system and telecommunications processing that are the primary means of performing business functions.

One of the most important aspects of successful contingency planning is the continual testing and evaluation of the plan itself. Developing test plans which adequately and reliably exercise the contingency plan itself requires considerable skill and great care to meet the objective of providing tests which are entirely realistic while still economically feasible. Care must be taken to see that the tests involve the most important systems to be supported in the contingency environment.

A contingency plan should consist of three parts which address two distinct mutually exclusive sets of activities:

1.0 PRELIMINARY PLANNING

This part of the plan describes the purpose, scope, assumptions, responsibilities, and overall strategy relative to the plan. Misconceptions concerning these concepts are quite common and must be clearly addressed to ensure they are communicated to those who must effectively respond to a contingency by implementing the plan. This part should conclude with a section which provides for recording changes to the plan. Recommended contents for each section of Preliminary Planning are presented below.

1.1 Purpose

This section should describe the reason and objective for having a contingency plan.

1.2 Scope

This section should describe in concise terms the extent of the coverage of the plan.

1.3 Assumptions

A contingency plan is based on several categories of assumptions. Most can be established only after the completion of a risk assessment. See Security Risk Assessment in Appendix C-16. The entire list of assumptions for inclusion in the document cannot be completed until well along in the planning cycle. Included in the set of assumptions should be the following:

- Nature of the Problem
- Priorities
- Commitments to or Assumptions of Support

1.4 Responsibilities

This section should document the specific responsibilities as assigned by management to all activities and personnel associated with the plan.

1.5 Strategy

The selection of appropriate strategies should follow the risk assessment. Until the risk assessment is completed, it is difficult to know the critical systems which must be maintained and the demands for resources which will be made to support those critical systems. Information for use in developing strategy is categorized by area as follows:

1.5.1 Emergency Response

The strategies selected must provide a sufficient base upon which procedures can be devised which afford all personnel the immediate capability to effectively respond to emergency situations where life and property have been, or may be, threatened or harmed.

1.5.2 Backup Operations

Most backup sites will not have sufficient equipment, personnel, supplies, etc., to sustain the complete operational requirements of another facility. In this case, a more detailed backup strategy must be developed.

1.5.3 Post-Disaster Recovery Actions

The strategy for recovery must be linked closely with that of Backup Operations, as initiation of recovery actions may overlap. At the very least, the post-disaster recovery plan should be the next step after backup operations in restoring the IT processing capability after partial or complete destruction of the facility or other resources.

1.6 Record of Changes

An essential element of any volatile document, such as a contingency plan, is a method of preparing, posting, and recording changes to the document. Entries in this section include change number; date; pages changed, deleted, inserted; name of person posting change; when posted; plan destruction; and other information as local conditions warrant.

1.7 Security of the Plan

Once documented, the plan provides a significant amount of information about the organization which, if misused, could result in considerable damage or embarrassment. Consequently, the plan should be made available only to those personnel affected by the plan.

2.0 PREPARATORY ACTIONS

This section of the contingency plan is a key part of the document. Preparatory Actions are critical to the emergency response, backup, and recovery from all but the most routine problems.

2.1 People

No other functional element is so critical to the recovery from damaging losses. This section should provide names, addresses, and telephone numbers of all people who may be required in any backup or recovery scenario. Alternates for persons with peculiar skills or with skills in very short supply must be designated.

2.2 Data

Care must be taken to make sure that multiple generations of backup files are taken so that the period spanned is short enough to satisfy the needs of currency and long enough to span the period needed for recovery. It is essential that all data on which backup and recovery are dependent be adequately recorded, maintained in a current condition, and backup copies adequately secured.
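As an added illustration of the currency-versus-recovery-period requirement described in this section (example code, not part of the appendix), the following check evaluates a constructed set of backup generation timestamps against a chosen currency window and recovery period, and flags a missing generation that widens the data-loss window; the timestamps, windows, and function names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: timestamps of the backup generations held off-site.
# The 3/4 generation is deliberately missing to show a coverage gap.
GENERATIONS = [
    datetime(2024, 3, 1, 2, 0),
    datetime(2024, 3, 2, 2, 0),
    datetime(2024, 3, 3, 2, 0),
    datetime(2024, 3, 5, 2, 0),
    datetime(2024, 3, 6, 2, 0),
]
# Assumed requirements: newest copy no older than 24 h (currency), and the
# set of generations must reach back at least 5 days (recovery period).
SAMPLE_NOW = datetime(2024, 3, 6, 12, 0)
SAMPLE_CURRENCY = timedelta(hours=24)
SAMPLE_RECOVERY = timedelta(days=5)


def evaluate_generations(generations, now, currency, recovery_period):
    """Check backup generations against the two needs named in section 2.2:
    the newest copy must be recent enough (currency), and the oldest must
    reach back far enough to span the recovery period. The largest gap
    between consecutive generations is also reported, because a missing
    generation is the data that cannot be restored if the newest copy is
    itself lost in the disruption."""
    gens = sorted(generations)
    if not gens:
        return {"current": False, "spans_recovery": False,
                "max_gap_hours": None, "gap_ok": False}
    gaps = [b - a for a, b in zip(gens, gens[1:])]
    max_gap = max(gaps, default=timedelta(0))
    return {
        "current": now - gens[-1] <= currency,
        "spans_recovery": now - gens[0] >= recovery_period,
        "max_gap_hours": max_gap.total_seconds() / 3600,
        "gap_ok": max_gap <= currency,
    }


def evaluate_sample():
    """Run the check on the constructed sample above."""
    return evaluate_generations(GENERATIONS, SAMPLE_NOW,
                                SAMPLE_CURRENCY, SAMPLE_RECOVERY)


if __name__ == "__main__":
    for key, value in evaluate_sample().items():
        print(f"{key}: {value}")
```

In the sample the newest copy is current and the set spans the recovery period, but the missing generation leaves a 48-hour gap that exceeds the 24-hour currency window, which is the condition the review should catch before a disruption does.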

2.3 Software

This section should contain the relationships of programs to jobs, to data, to functional areas of the supported organization, and to people, and more as may be needed.

2.4 Hardware

Contingency plans should minimize, to the greatest feasible extent, the dependence on rapid replacement of hardware. This section should contain a list of the hardware and where replacements are available.

2.5 Communications

A plan should be in place and agreed upon, including a schedule, by all parties who will have a role in establishing communications at an alternate site, to ensure recovery of communications at an alternate site within a reasonable period.

2.6 Supplies

This section should describe any special supplies that are needed to recover critical operations.

2.7 Transportation

This section should describe the location of the backup capability. When choosing a backup site, consideration should be given to accessibility, and the site should be free of whatever external problems are hampering the supported facility.

2.8 Space

Describe the physical location where the recovery operations will take place. When selecting the space, consider space which can be used temporarily and space into which the operation can relocate with relative permanence.

2.9 Power and Environmental Controls

Describe the power and environment controls that are required for the recovery of IT processing.

2.10 Documentation

This section of the plan should describe all backup documentation which is kept in the off-site facility.

3.0 ACTION PLAN

This part of the plan consists of the "what to" actions to be accomplished by those personnel or activities identified in Section 1.4, Responsibilities. This part of the contingency plan includes those things which are to be done in response to a set of problem scenarios. Problem scenarios should be developed based on the outcome of the risk assessment. This part should consist only of concise, short instructions of the specific actions to take in response to each of the previously developed problem scenarios for each of the three categories listed below.

3.1 Emergency Response

This section should include the immediate actions to be taken to protect life and property and to minimize the impact of the emergency.

3.2 Backup Operations

Describe what must be done to initiate and effect backup operations. Any "how to" instructions for each area should be included in Section 2.0 under preparatory actions.

3.3 Recovery Actions

These instructions should be limited to describing what to do in effecting recovery from disasters.

Note: See Federal Information Processing Standards (FIPS) Publication 87, "Guidelines for ADP Contingency Planning," for more detailed guidance.

CONTINGENCY PLAN OUTLINE

1.0 PRELIMINARY PLANNING
    1.1 Purpose
    1.2 Scope
    1.3 Assumptions
    1.4 Responsibilities
    1.5 Strategy
        1.5.1 Emergency Response
        1.5.2 Backup Operations
        1.5.3 Post-Disaster Recovery Actions
    1.6 Record of Changes
    1.7 Security of the Plan

2.0 PREPARATORY ACTIONS
    2.1 People
    2.2 Data
    2.3 Software
    2.4 Hardware
    2.5 Communications
    2.6 Supplies
    2.7 Transportation
    2.8 Space
    2.9 Power and Environmental Controls
    2.10 Documentation

3.0 ACTION PLAN
    3.1 Emergency Response
    3.2 Backup Operations
    3.3 Recovery Actions
