CONTINGENCY AND BUSINESS CONTINUITY PLAN

ARTIFACT 3
STRATEGIC SITUATIONAL AWARENESS (SSAW)
CONTINGENCY AND BUSINESS CONTINUITY PLAN
VERSION 1.0
APRIL 2013
UNCLASSIFIED
SSAW/Program Office Contingency and Business Continuity Plan
Artifact 3
April 2012
NOTE: DoD defines an Information System (IS) as: a set of information resources
organized for the collection, storage, processing, maintenance, use, sharing, dissemination,
disposition, display, or transmission of information. Includes AIS applications, enclaves,
outsourced IT-based processes, and platform IT interconnections. This term IS is used
interchangeably as defined above by DoD.
The Site/Program Office (PO) completing this Contingency and Business Continuity Plan
(CBCP) must state within Section 2, Concept of Operations, if the IS is deemed a Mission
Assurance Category (MAC) I, II, or III, and its confidentiality level Classified, Sensitive, or
Public Information System (IS). It must be stated in those sections how that determination
was made and by whom it was made. This determination should be consistent with the
information provided in Artifact 1, IS Core.
The Site/PO must indicate how they will fulfill their business requirement (e.g., use a manual
process) if the IS is down due to an extraordinary event. Additionally, the Site/PO is to
indicate the amount of time that they can function with the IS being unavailable. If the
Site/PO references a corporate/hosting IS, the Site/PO must ensure that the corporate/hosting
IS’ CBCP incorporates the Site/PO IS’ production requirements. The Site/PO completing
this CBCP should reference/provide, where applicable, the hosting IS’ CBCP; Artifact 1b,
Service Level Agreement (SLA); and/or Artifact 1a, Interconnection Memorandum of
Agreement (MOA), which shows responsibility for and compliance with the contingency
planning requirement. Ensure that you are referencing the latest “approved”
corporate/hosting IS CBCP, SLA, and/or Interconnection MOA.
Additionally, this CBCP must be customized to your IS’s CBCP practices, ensuring that the
requirements shown here are addressed accordingly.
TABLE OF CONTENTS
1 INTRODUCTION
1.1 Purpose
1.2 Applicability
1.3 Scope
1.3.1 Planning Principles
1.3.2 Assumptions/Constraints
1.4 Applicable Provisions and Directives
2 CONCEPT OF OPERATIONS
2.1 System Descriptions and Architecture
2.1.1 Mission Assurance Category and Confidentiality Level
2.2 Line of Succession
2.3 Responsibilities
2.4 Threats
2.4.1 Probable Threats
3 NOTIFICATION AND ACTIVATION PHASE
4 RECOVERY OPERATIONS
5 RETURN TO NORMAL OPERATIONS
5.1 Concurrent Processing
5.2 Plan Deactivation
APPENDIX A SSAW LIST
APPENDIX B PERSONNEL CONTACT LIST
APPENDIX C VENDOR/CUSTOMER CONTACT LIST
APPENDIX D EQUIPMENT AND SPECIFICATIONS
APPENDIX E CONTRACTS AND/OR AGREEMENTS
APPENDIX F BUSINESS IMPACT ANALYSIS
APPENDIX G CONTINGENCY LOG
List of Tables
Table 2-1: Site/PO Name Abbreviation Risk Analysis Matrix
Table B-1: Personnel Contact List
Table C-1: Vendor/Customer Contact List
Table D-1: Equipment and Specifications
Table D-2: Critical Resources Workstation/Laptop/Thin Client
Table D-3: Critical Network Devices
Table F-1: Outage Impacts and Allowable Outage Times
Table F-2: Resource Recovery Priorities
List of Figures
Figure 2-1: Hierarchical Diagram
Add appropriate classification marking
SPAWAR/SSAW Program Office Contingency and Business Continuity Plan
Artifact 3
April 2013
1 INTRODUCTION
1.1 Purpose
The purpose of the Contingency and Business Continuity Plan (CBCP) is to prepare for and
address the elements necessary to ensure continuity of service to the critical business functions
during various emergencies. This Strategic Situational Awareness (SSAW) Information
System (IS) CBCP establishes procedures to recover the IS following a disruption. The
following objectives have been established for this plan:
• Maximize the effectiveness of contingency operations through an established plan that
consists of the following phases:
  o Notification/Activation phase to detect and assess damage and to activate the plan
  o Recovery phase to restore temporary IS operations and recover damage done to the
  original system
  o Reconstitution phase to restore IS processing capabilities to normal operations.
• Identify the activities, resources, and procedures needed to carry out SSAW IS processing
requirements during prolonged interruptions to normal operations.
• Assign responsibilities to designated SSAW personnel and provide guidance for
recovering SSAW during prolonged periods of interruptions to normal operations.
• Ensure coordination with other staff who will participate in the contingency planning
strategies. Ensure coordination with external points of contact and vendors who will
participate in the contingency planning strategies.
1.2 Applicability
This CBCP applies to the functions, operations, and resources necessary to restore and resume
operations as it is currently installed and/or used. This CBCP applies to all persons associated
with SSAW as identified under Section 2.3, Responsibilities.
1.3 Scope
1.3.1 Planning Principles
Various scenarios were considered to form a basis for the plan, and multiple assumptions were
made. The SSAW IS must indicate how the business requirement will be fulfilled if the IS is
down due to an extraordinary event. The applicability of the plan is predicated on these key
principles.
• The IS is inaccessible and fails to meet minimum production requirements.
• An alternate site and/or alternate process must be developed and available for
implementation if required.
  o The SSAW Program Office (PO) will use the alternate site building and IS
  resources to recover functionality during an emergency situation that prevents
  access to the original facility.
  o The designated computer system at the alternate site has been configured to begin
  processing information.
  o The alternate site will be used to continue recovery and processing throughout the
  period of disruption, until the return to normal operations.
1.3.2 Assumptions/Constraints
Based on these principles, the following assumptions/constraints were used when developing the
IS CBCP:
• The IS is inoperable and cannot be recovered within maximum tolerable down time.
• Key personnel have been identified and trained in their emergency response and recovery
roles; they are available to activate this CBCP.
• Preventive controls (e.g., generators, environmental controls, waterproof tarps, sprinkler
systems, fire extinguishers, and fire department assistance) are fully operational.
• IS equipment, including supporting components, is connected to an uninterruptible
power supply (UPS) that provides [provide specified time] of electricity during a power
failure.
• IS hardware and software at the original site are unavailable for at least maximum
allowable down time.
• Current backups of the application software and data are intact and available at the
[provide address of the offsite storage facility].
• The equipment, connections, and capabilities required to operate the IS are available at
the alternate site.
• Service agreements are maintained with IS hardware, software, and communications
providers to support the emergency recovery operation.
• Disaster recovery, continuity of operations, and emergency evacuation procedures are an
integral part of this plan.
Any additional assumptions/constraints should be added to this list.
1.4 Applicable Provisions and Directives
This CBCP complies with the SSAW IS contingency planning policy as follows:
The organization shall develop a contingency planning capability to meet the needs of
supporting operations in the event of a disruption extending beyond maximum allowable down
time. The procedures for execution of such a capability shall be documented in a formal CBCP
and shall be reviewed at least annually and updated as necessary. Personnel responsible for
target systems shall be trained to execute contingency procedures. The plan, recovery
capabilities, and personnel shall be tested to identify weaknesses of the capability at least
annually.
STANDARD REFERENCES:
This CBCP also complies with the following federal and departmental policies:
• The Computer Security Act of 1987
• Office of Management and Budget Circular A–130, “Management of Federal Information
Resources.” 24 December 1985. Revised, Transmittal Memorandum No. 4, Appendix
III, “Security of Federal Automated Information Resources.” 28 November 2000.
• Presidential Decision Directive (PDD) 63, “Critical Infrastructure Protection.” 22 May
1998.
• PDD 67, “Enduring Constitutional Government and Continuity of Government
Operations.” 21 October 1998.
• Department of Defense (DoD) Directive 8500.01E, “Information Assurance (IA).” 24
October 2002. Certified current as of 23 April 2007.
• DoD Instruction 8500.2, “Information Assurance (IA) Implementation.” 6 February
2003.
• DoD Instruction 8510.01, “DoD Information Assurance Certification and Accreditation
Process (DIACAP).” 28 November 2007.
• National Institute of Standards and Technology (NIST) Special Publication 800-34,
“Contingency Planning Guide for Federal Information Systems.” Revision 1. May 2010.
• NIST Special Publication 800-53, “Recommended Security Controls for Federal
Information Systems and Organizations.” Revision 3. August 2009.
Any other applicable departmental policies should be added.
2 CONCEPT OF OPERATIONS
2.1 System Descriptions and Architecture
Provide a general description of the system architecture and functionality. Indicate the operating environment,
physical location(s) of primary and alternate sites (to include full address), general location(s) of users, and
partnerships with external organizations/systems. Include information regarding any other technical considerations
that are important for recovery purposes, such as backup procedures. Reference the diagram of the information
system (IS) architecture, including security controls and telecommunications connections from Artifact 1h, C&A
Boundary Diagram. Ensure that the section and paragraph is identified.
The purpose and mission of the SSAW system is to provide AFMS leadership with leading-edge
tools that improve health outcomes, make care more efficient, and reduce risks via situational-based
information from medical and environmental sensors. By employing analytics based off
of expert research and proven algorithms, situational awareness (SA) tools are able to take
advantage of pre-defined triggers and user-defined tools that automatically do the analysis and
delivery for them, with limited errors. SSAW will be utilized in, but is not limited to, the following
scenarios:
• Monitoring Health of First Responders and Casualties – First responders work in extreme
conditions and face many potential hazards.
• Pandemic Influenza – Influenza pandemics occur when there is notable genetic change in
the circulating strain of influenza. Bioenvironmental engineers equipped with bio-sensor
backpacks and the proper assays can test for various biological events.
The system offers a common architecture compatibility to support disparate technologies to
provide real-time, on-scene, actionable sensor data, combined with an integrated analytics
engine, to better serve our war-fighters by providing SA. Data is currently stored in multiple
disconnected repositories, or contained within hundreds of stand-alone systems or
medical/sensor devices. Even when data is brought together physically and logically it still
remains virtually useless to the end user. In this state users must individually combine the right
data elements and analyze them based on a limited knowledge set and interpret them hoping for
the right results. This is both time consuming and laden with errors due to a multitude of factors.
The concepts of the medical and environmental SA tools are to: acquire all of the sensor data
along with other global information sources (AHLTA, ASIMS, CHCS, etc.); format the data to
make it interoperable with millions of other external data layers; process it with advanced
analytics; and disseminate it in the form of knowledge and decision support information at the
point of care, research, and command. With that concept in mind, the SSAW architecture is
composed of three distinct components: the Sensor Integration Platform (SIP), the Situational
Awareness Data Analytics (SADA) tool, and the Situational Awareness Data Portal (SADP).
SA is a key part of any decision making process and entails understanding the current
environment and being able to accurately anticipate future problems to enable effective action.
The SSAW system capabilities include the ability to:
• Provide configurable health and environmental threat surveillance system prototypes
• Provide environmental health monitoring and field diagnostic situational awareness
• Provide analytics and decision support capabilities for in-garrison, en-route and
expeditionary medical mission requirements
• Facilitate the transition of sensor data integration and decision analytics delivery platform
into an ongoing force health protection sensor development
• Demonstrate environmental health impact, health hazard predictive modeling capability
• Demonstrate node-to-node, bio-analytics, predictive algorithm, data aggregation, fusion,
visualization, and communications capability
• Demonstrate an assessment, field test and evaluation validation
In addition the SSAW system must also meet:
• DIACAP standards, Health Information Portability and Accountability Act (HIPAA), and
Privacy Act requirements, and other sensitive data protections as required by AFMS,
USAF, and DoD entities/agencies.
• Current Defense Information Systems Agency security requirements.
[Figure 2-10: SSAW Accreditation Boundary Diagram. Labels in the diagram: Client Workstations; Compute Server; SADP; Data Server; SADA; RepDB-1; RepDB-2; Master DB; Backup DB; SIP; Cell Transmission Device; Mote Transmission Device; HSDW; Sensors (LifeGuard, RiskWatch, BioSS); connection labels 1 through 6; ports 443 and 3306.]
All devices within the IS are represented within the Boundary Diagram Description; list
connections as in example table.
| Label | Source | Service | Destination | Port | Purpose |
|---|---|---|---|---|---|
| 1 | Transmission Device | ZigBee | Master DB | 3306 | Data collected by sensor transmitted via Mote to SSAW database. |
| 2 | Master DB | TCP/IP | Backup DB | 33306 | Master database is backed up to the Backup DB server. |
| 3 | SSAW | Oracle Data | HSDW | 1521 | Access initiated by SSAW to obtain required data fields from HSDW. |
| 4 | Clients | SSL | Compute Server | 443 | Client request access to “System” web server / application access via SA data portal. |
| 5 | | | | | |
| 6 | | | | | |

Table 1 Internal / External System Port Connections
2.1.1 Mission Assurance Category and Confidentiality Level
For contingency planning purposes, this section identifies the Mission Assurance Category (MAC) and
confidentiality level for the IS. MAC and confidentiality level are described in DoD Instruction 8500.2,
“Information Assurance (IA) Implementation.” MACs include MAC I, II, and III.
This section also includes a discussion of the confidentiality level of data processed by this IS. Confidentiality levels
include classified, sensitive, and public. A brief description of how the MAC/confidentiality level was determined
should be included. Also discuss what type of data the IS receives, processes, transmits, stores, and/or displays
(e.g., Privacy, Protected Health Information (PHI), Personally Identifiable Information (PII), etc.).
SSAW is assigned the Mission Assurance Category (MAC) Level III with a Confidentiality
Level (CL) of “Sensitive”; the server cluster component of the system will be staged in an
enclave environment. MAC III classified information systems are administrative in nature and
deemed necessary to conduct day-to-day business, but do not materially affect support to
deployed or contingency forces in the short term. Although the system may be utilized in
peacetime and deployed environments, it is not deemed critical in nature. In the absence of
SSAW functionality, operational capability would continue without the system.
2.2 Line of Succession
The SSAW PO and SPAWAR management identify an order of succession, in coordination
with management, to ensure that decision-making authority for this CBCP is uninterrupted. The
[provide the title] is responsible for ensuring the safety of personnel and the execution of
procedures documented within this CBCP. If the [provide the title] is unable to function as the
overall authority or chooses to delegate this responsibility to a successor, the [provide the title of
the alternate] shall function as that authority.
Continue description of succession as applicable.
2.3 Responsibilities
EXAMPLE TEXT: The following teams have been developed and trained to respond to a
contingency event affecting the IS.
The CBCP establishes several teams assigned to participate in recovering operations. The Team
Name is responsible for recovery of the computer environment and all applications. Members of
this team include personnel who are also responsible for the daily operations and maintenance.
The Team Leader Title directs the Team Name.
Continue to describe each team, their responsibilities, leadership, and coordination with other
applicable teams during a recovery operation.
EXAMPLE TEXT: The relationships of the team leaders involved in IS recovery and their
member teams are illustrated in Figure X-Y below.
Insert hierarchical diagram of teams. Show team names and leaders; do not include actual
names of personnel.
Figure 2-1: Hierarchical Diagram
Describe each team separately, highlighting overall recovery goals and specific responsibilities.
Do not detail the procedures that will be used to execute these responsibilities. These
procedures will be itemized in the appropriate phase sections.
2.4 Threats
When developing strategies for a CBCP, it is helpful to consider the entire range of probable
and possible threats that present a risk to an organization. From that range of threats, likely
scenarios can be developed and appropriate strategies applied. A disaster recovery plan should
be designed to be flexible enough to respond to extended business interruptions, as well as major
disasters.
EXAMPLE TEXT: The best way to achieve this goal is to design a CBCP that could be used to
address a major disaster, but is divided into sections that can be used to address extended
business interruptions. While each of the identified threats could result in a disaster by itself, in
the case of a major disaster, several of the threats might be present concurrently or occur
sequentially, depending on the circumstances.
As a result, it is advisable to develop several levels of strategies that can be applied as needed.
For example, a localized fire in the computing center may render some of that space unusable.
An appropriate strategy for that event may be temporary relocation of personnel to another office
within Site/PO Name Abbreviation headquarters or in suitable local office space in another office
building or hotel. An event that required temporary evacuation of the computer center, such as a
truck accident in the tunnel and a chemical spill that may require several days to resolve, may
necessitate switchover capabilities and possible regional mirrored redundancy capabilities that
would be transparent to the users. An event of greater magnitude, such as an explosion, may
render the Site/PO Name Abbreviation unusable for an extended duration of time and might
necessitate a strategy based on mirrored redundancy as well as a secondary strategy involving a
commercial “hot site.” Time sensitivity and mission criticality in conjunction with budgetary
limitations, level of threat and degree of risk will be major factors in the development of
recommended strategies.
2.4.1 Probable Threats
EXAMPLE TEXT: The table depicts the threats most likely to impact the Site/PO Name
Abbreviation and components of Site/PO Name Abbreviation and their management. The
specific threats that are represented by (X) are considered the most likely to occur within the
Site/PO Name Abbreviation environment. Sites should adjust accordingly.
Site/PO Name Abbreviation Risk Analysis Matrix
Probability of Occurrence: High / Medium / Low
Air Conditioning Failure: X
Aircraft Accident: X
Blackmail: X
Bomb Threats: X
Chemical Spills/HazMat: X
Cold/Frost/Snow: X
Communications Loss: X
Data Destruction: X
Earthquakes: X
Fire: X
Flooding/Water Damage: X
Nuclear Mishaps: X
Power Loss/Outage: X
Sabotage/Terrorism: X
Storms/Hurricanes: X
Vandalism/Rioting: X
Table 2-1: Site/PO Name Abbreviation Risk Analysis Matrix
3 NOTIFICATION AND ACTIVATION PHASE
EXAMPLE TEXT: This phase addresses the initial actions taken to detect and assess damage
inflicted by a disruption to the IS. Based on the assessment of the event, the plan may be
activated by the Contingency Planning Coordinator.
NOTE: In an emergency, the top priority is to preserve the health and safety of its staff
before proceeding to the Notification and Activation procedures.
Contact information for key personnel is located in Appendix B, Personnel Contact List. The
notification sequence is listed below:
• The first responder is to notify the Contingency Planning Coordinator. All known
information must be relayed to the Contingency Planning Coordinator.
• The Contingency Planning Coordinator will notify the systems manager and the Damage
Assessment Team Leader and inform them of the event. The Damage Assessment Team
Leader is to begin assessment procedures.
• The Damage Assessment Team Leader is to notify team members and direct them to
complete the assessment procedures outlined below to determine the extent of damage
and estimated recovery time. If damage assessment cannot be performed locally because
of unsafe conditions, the Damage Assessment Team is to follow the Alternate
Assessment Procedures outlined below.
Damage Assessment Procedures:
Detailed procedures should be outlined to include activities to determine the cause of the
disruption; potential for additional disruption or damage; affected physical area and status of
physical infrastructure; status of information technology (IT) equipment functionality and
inventory, including items that will need to be replaced; and estimated time to repair services to
normal operations.
• Upon notification from the Contingency Planning Coordinator, the Damage Assessment
Team Leader is to describe details here (Call Team, etc.)
• The Damage Assessment Team is to provide checklist items here
Alternate Assessment Procedures:
• Upon notification, the Contingency Planning Coordinator will notify the systems
manager and the Damage Assessment Team Leader who will provide procedures here
• The Damage Assessment Team is to provide procedures here
  o When damage assessment has been completed, the Damage Assessment Team
  Leader is to notify the system manager who will notify the Contingency Planning
  Coordinator of the results.
  o The Contingency Planning Coordinator is to evaluate the results and determine
  whether the CBCP is to be activated and if relocation is required.
  o Based on assessment results, the Contingency Planning Coordinator is to notify
  civil emergency personnel (e.g., police, fire) as appropriate.
The CBCP is to be activated if one or more of the following criteria are met:
1. IS will be unavailable for more than maximum tolerable downtime
2. Facility is damaged and will be unavailable for more than maximum tolerable
downtime
3. Request/receive approval from senior management to implement the CBCP.
4. Other criteria, as appropriate.
• If the plan is to be activated, the Contingency Planning Coordinator is to notify the
system manager and all Team Leaders and inform them of the details of the event and if
relocation is required.
• Upon notification from the Contingency Planning Coordinator, Team Leaders will notify
their respective teams. Team members are to be informed of all applicable information
and prepared to respond and relocate if necessary.
• The Contingency Planning Coordinator is to notify remaining personnel (via notification
procedures) on the general status of the incident.
• The Contingency Planning Coordinator is to notify the off-site storage facility that a
contingency event has been declared and to ship the necessary materials to the alternate
site.
• The Contingency Planning Coordinator is to notify the Alternate site that a contingency
event has been declared and to prepare the facility for the organization’s arrival.
4 RECOVERY OPERATIONS
EXAMPLE TEXT: This section provides procedures for recovering the IS at the alternate site,
whereas other efforts are directed to repair damage to the original system and capabilities.
The following procedures are for recovering the IS at the alternate site. Procedures are outlined
per team required. Each procedure should be executed in the sequence it is presented to maintain
efficient operations.
Recovery Goal. State the first recovery objective as determined by the Business Impact Analysis
(BIA), Appendix F. For each team responsible for executing a function to meet this objective,
state the team names and list their respective procedures.
Team Name
• Team Recovery Procedures
Team Name
• Team Recovery Procedures
Team Name
• Team Recovery Procedures
Recovery Goal. State the second recovery objective as determined by the BIA. For each team
responsible for executing a function to meet this objective, state the team names and list their
respective procedures.
Team Name
• Team Recovery Procedures
Team Name
• Team Recovery Procedures
Team Name
• Team Recovery Procedures
Recovery Goal. State the remaining recovery objectives (as determined by the BIA). For each
team responsible for executing a function to meet this objective, state the team names and list
their respective procedures.
Team Name
• Team Recovery Procedures
Team Name
• Team Recovery Procedures
Team Name
• Team Recovery Procedures
5 RETURN TO NORMAL OPERATIONS
EXAMPLE TEXT: This section discusses activities necessary for restoring IS operations at the
Site/PO Name SSAW original or new site. When the computer center at the
original or new site has been restored, IS operations at the alternate site must be transitioned
back. The goal is to provide a seamless transition of operations from the alternate site to the
operating facility.
Original or New Site Restoration
Procedures should be outlined, per necessary team, to restore or replace the original site so that
normal operations may be transferred. IT equipment and telecommunications connections
should be tested.
Team Name
• Team Resumption Procedures
Team Name
• Team Resumption Procedures
5.1 Concurrent Processing
Procedures should be outlined to operate the system in coordination with the system at the
original or new site. These procedures should include testing the original or new system until it
is functioning properly and the contingency system is shut down gracefully.
Team Name
• Team Resumption Procedures
Team Name
• Team Resumption Procedures
5.2 Plan Deactivation
Procedures should be outlined to clean the alternate site of any equipment or other materials
belonging to the organization, with a focus on handling sensitive information. Materials,
equipment, and backup media should be properly packaged, labeled, and shipped to the
appropriate location(s). Team members should be instructed to return to the original or new
site.
Team Name
• Team Testing Procedures
Team Name
• Team Testing Procedures
APPENDIX A
SSAW LIST
SSAWs used specifically in this Artifact are to be listed in this appendix.
SSAW | TERM
AFMS | Air Force Medical Service
BCP | Business Continuity Plan
BIA | Business Impact Assessment
BRP | Business Recovery/Resumption Plan
C&A | Certification and Accreditation
CBCP | Contingency and Business Continuity Plan
COOP | Continuity of Operations Plan
CPU | Central Processing Unit
DIACAP | Department of Defense (DoD) Information Assurance Certification and Accreditation Process
DoD | Department of Defense
DRP | Disaster Recovery Plan
HVAC | Heating, Ventilation, And Air Conditioning
IA | Information Assurance
IAM | Information Assurance Manager
IS | Information System
IT | Information Technology
MAC | Mission Assurance Category
MOA | Memorandum of Agreement
NIST | National Institute of Standards and Technology
OMB | Office of Management and Budget
OS | Operating System
PDD | Presidential Decision Directive
PHI | Protected Health Information
PII | Personally Identifiable Information
PO | Program Office
POC | Point of Contact
SI | Sensitive Information
SLA | Service Level Agreement
UPS | Uninterruptible Power Supply
CONTINGENCY AND BUSINESS CONTINUITY PLAN
APPENDIX B - I
The following appendices should be included based on system and plan requirements.
Appendix B - Personnel Contact List
Appendix C - Vendor/Customer Contact List
Appendix D - Equipment and Specifications
Appendix E - Contracts and/or Agreements
Appendix F - Business Impact Analysis
Appendix G - Contingency Log
UNCLASSIFIED
Site/Program Office Information System (IS) Name Contingency and Business Continuity Plan
Artifact 3
Month YYYY
APPENDIX B
PERSONNEL CONTACT LIST
IS Name SSAW Personnel Contact List
Title | Point of Contact (POC) | Phone No.(s): Work (W), Mobile (M) | E-mail(s): Work (W), Alternate (A)
Contingency Plan Coordinator | Name | W: M: | W: A:
Contingency Plan Coordinator Alternate | Name | W: M: | W: A:
System Manager | Name | W: M: | W: A:
System Manager Alternate | Name | W: M: | W: A:
Damage Assessment Team Lead | Name | W: M: | W: A:
Damage Assessment Team Lead Alternate | Name | W: M: | W: A:
Data Owner | Name | W: M: | W: A:
Team Members Team Name | Name | W: M: | W: A:
Team Members Team Name | Name | W: M: | W: A:
Team Members Team Name | Name | W: M: | W: A:
Table B-1: Personnel Contact List
APPENDIX C
VENDOR/CUSTOMER CONTACT LIST
IS Name SSAW Vendor/Customer Contact List
Title | Point of Contact (POC) | Phone No.(s): Work (W), Mobile (M) | E-mail(s): Work (W), Alternate (A)
Vendor Name and Address | Name | W: M: | W: A:
Vendor Name and Address | Name | W: M: | W: A:
Vendor Name and Address | Name | W: M: | W: A:
Vendor Name and Address | Name | W: M: | W: A:
Customer Name and Address | Name | W: M: | W: A:
Customer Name and Address | Name | W: M: | W: A:
Customer Name and Address | Name | W: M: | W: A:
Customer Name and Address | Name | W: M: | W: A:
Customer Name and Address | Name | W: M: | W: A:
Table C-1: Vendor/Customer Contact List
APPENDIX D
EQUIPMENT AND SPECIFICATIONS
Critical Resource(s) Server Configuration
Model | Compaq ProLiant ML370; Compaq ProLiant 1600r 500
Central Processing Unit | P3\1133
Memory | 1GB SDRAM; 384 MB RAM
Disk Storage | 4 x 36 GB SCSI drives; 3 x 18.2 GB SCSI drives
Tape Storage | Compaq Internal 40/80 GB DLT drive
Network Interface Card | Compaq NC3134 Fast Ethernet 64-bit PCI Dual Base 10\100
System Console | PC Anywhere
Other Hardware | PS/2 mouse and 104-key; 3.5″ FDD; APC Smart-UPS 1500 and 1400

Model | Dell PowerEdge 4400
Central Processing Unit |
Memory | 512 MB RAM
Disk Storage | 4 x 18 GB drives
Tape Storage | Compaq Internal 40/80 GB DLT drive
Network Interface Card | 10\100 Ethernet
System Console | PC Anywhere
Other Hardware | PS/2 mouse and 104-key; 3.5″ FDD; APC Smart-UPS 1500 and 1400
Table D-1: Equipment and Specifications
Critical Resource(s) Workstation/Laptop/Thin Client Configuration
Model | Dell Optiplex; Dell Optiplex GX50
Central Processing Unit | Pentium III 733 MHZ; Celeron 900 MHZ
Memory | 128 MB
Disk Support | 10 GB
Monitor | 17″
Other Devices | Keyboard, mouse, CD-ROM
Network Interface Card | 10/100 Ethernet

Model | 300XL
CPU | 266 MHZ
Memory | 32-64 MB
Disk Support | 4 GB
Monitor | 17″
Other Devices | Keyboard, mouse, CD-ROM
Network Interface Card | 10/100 Ethernet
Table D-2: Critical Resources Workstation/Laptop/Thin Client
Critical Network Device(s) Configurations
Model | Cisco 1900 Ethernet Switch
Central Processing Unit | Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory
Ports | 27 Fixed Ethernet/IEEE 802.3
IOS | Cisco Catalyst 1900/2820 Enterprise Edition Software Version V9.00.05

Model | Cisco 2912-XL Ethernet Switch
Central Processing Unit | WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024 K bytes of memory
Ports | 27 Fixed Ethernet/IEEE 802.3
IOS | Version 12.0(5.2) XU, MAINTENANCE INTERIM SOFTWARE
Other | Cluster Command and Member Compatibility

Model | Cisco 2950-XL Ethernet Switch
Central Processing Unit | WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024 K bytes of memory
Ports | 24 FastEthernet/IEEE 802.3
IOS | Version 12.0(5.3) WC (1)
Other | Cluster Command and Member Compatibility

Model | Cisco 424 hub
Central Processing Unit | MPC860EN processor with 4096/1024K
Ports | 24 10/100 Ethernet
Table D-3: Critical Network Devices
APPENDIX E
CONTRACTS AND/OR AGREEMENTS
List any Service Level Agreements (SLAs), Memoranda of Agreement, and maintenance and/or
support agreements that have been executed. All subsequent modifications should be
included, with accurate Points of Contact (POCs) and emergency contact information.
Reference these agreements.
APPENDIX F
BUSINESS IMPACT ANALYSIS
SAMPLE BUSINESS IMPACT ANALYSIS (BIA)
The following scenario represents a sample BIA. It is meant to present the process used to
determine the roles and resources necessary to restore interrupted business functions. It is not
all inclusive and must be adapted to individual situations.
ABC Site maintains a small field office with an IS that supports about XX users. The office
relies on the IS and its components for standard automated processes, such as developing and
using spreadsheets, word processing, and electronic mail (e-mail). The office also maintains a
customized database application that supports Inventory, a key resource management process.
The network manager is responsible for developing an IS contingency plan and begins with the
BIA. The IS includes the following components (list all components in the C&A Boundary):
- Authentication/network operating system server
- Database server (supports customized Inventory database application)
- File server (stores general, non-Inventory files)
- Application server (supports office automation software)
- Networked printer
- E-mail server and application
- XX computers
- XX hubs
The Contingency Planning Coordinator begins the BIA process by identifying the stakeholders.
In this case, the coordinator identifies and consults with the following individuals (make
applicable to your environment):
- Facility manager
- Inventory process manager
- Sampling of IS users
- Data owner
- System Manager
- Information Assurance Manager (IAM)
- System administrators for each network server
Based on subsequent discussions, the coordinator learns the following information:
- The Inventory system is required to support the parent agency’s master resource
management operations; the system provides updated data to the larger system at the end
of each business day. If the system were unavailable for more than maximum tolerable
downtime days/hour, significant business impacts would result at the parent agency.
Inventory requires a minimum of XX personnel with computers and access to the IS.
- Other non-Inventory processes may be considered noncritical and could be allowed to
lapse for up to XX days.
- The XX manager(s) indicate(s) that e-mail is an essential service; however, staff can
operate effectively without e-mail access for up to XX days.
- Staff could function without access to the spreadsheet application for up to XX working
days without affecting business processes significantly.
- Word processing access would need to be restored within XX working days; however,
individuals could use manual processes for up to XX days if the required forms were
available in hard-copy format.
- Outputs from the day’s Inventory system records normally are printed daily; the data to
be printed may be stored on any computer used by the Inventory system staff. In an
emergency, the Inventory system output could be transmitted electronically via e-mail for
up to XX days before significantly affecting business operations. Other printing functions
would not be considered essential and could be unavailable for up to XX days with no
impact on business functions.
Based on the information gathered in discussions with stakeholders, the Contingency Planning
Coordinator follows the three-step BIA process to identify required IS resources, identify outage
impacts and allowable outage times, and develop recovery priorities.
Identify Required IT Resources
The manager identifies the following resources as required, meaning that they support business
processes:
- Authentication/network operating system server (required for users to have IS access)
- Database server
- E-mail server and application
- XX computers
- One hub
- Network cabling
- Electric power
- Heating, ventilation, and air conditioning (HVAC)
- Physical security
- Facility
Identify Outage Impacts and Allowable Outage Times
Next, the manager determines outage impacts and allowable outage times for the required
resources:
Resource Component | Outage Impact | Allowable Outage Time
Authentication server | Users could not access Inventory system | XX hours
Database server | Users could not access Inventory system | XX hours
E-mail server | Users could not send e-mail | XX days
XX computers | Users could not access Inventory system | XX hours
Hub | Users could not access Inventory system | XX hours
Network cabling | Users could not access Inventory system | XX hours
Electric power | Users could not access Inventory system | XX hours
Printer | Users could not produce Inventory reports | XX days
Table F-1: Outage Impacts and Allowable Outage Times
Develop Recovery Priorities
Using the table completed in the previous step, the Contingency Planning Coordinator develops
recovery priorities for the system resources. The manager uses a simple CAT I-, CAT II-, CAT
III-scale to prioritize the resources. CAT I priorities are based on the need to restore resources
within their allowable outage times; CAT II and CAT III priorities reflect the requirement to
restore full operational capabilities over a longer recovery period.
Critical Resources | Recovery Priority
Authentication server | CAT I
Database server | CAT I
XX computers | CAT I
XX hub | CAT I
Network cabling | CAT I
Electric power | CAT I
E-mail server | CAT II
Printer | CAT II
Remaining computers XX | CAT III
Remaining hubs XX | CAT III
Table F-2: Resource Recovery Priorities
Having completed the BIA, the Contingency Planning Coordinator may use the recovery priority
information above to develop strategies that enable all system resources to be recovered within
their respective allowable outage times and in a prioritized manner.
A template for completing the BIA is provided on the following page.
Upon completion of your analysis, you are now ready to begin the actual BIA.
Business Impact Analysis (BIA) Template
This sample template is designed to assist the user in performing a BIA on an IS. The BIA is an
essential step in developing the contingency plan. The template is meant only as a basic guide
and may not apply to all systems. The user may modify this template or the general BIA
approach as required to best accommodate the specific system.
Preliminary System Information
Site/Program Office Name:
Date BIA Completed:
IS Name:
BIA POC:
System/IS Manager Point of Contact (POC):
System Description: Discussion of the system purpose and architecture, append the IS diagram(s).
A. Identify System POCs
Role
Internal: Identify the positions or offices within your organization that depend on or support the system; also specify
their relationship to the system


External: Identify the positions or offices outside your organization that depend on or support the system; also
specify their relationship to the system


B. Identify System Resources
Identify the specific hardware, software, and other resources that comprise
the system; include quantity and type.
Hardware

Software

Other resources

C. Identify critical roles, resources, outage impacts, and allowable outage times
Identify and align roles, resources, outage impact, and the maximum allowable downtime in the order of importance.
Critical Roles | Resource | Outage Impact | Maximum Allowable Downtime
List the roles identified in Section A that are deemed critical to the resource | Identify the IS resources needed to accomplish the critical roles | Identify the impact of the outage (e.g., communications, customer access) | Identify the maximum acceptable period that the resource could be unavailable before unacceptable impacts resulted
D. Prioritize resource recovery
List the priority associated with recovering a specific resource, based on the outage
impacts and allowable outage times provided in Section C. Use qualitative scale (e.g., CAT I/CAT II/CAT III).
Resource | Recovery Priority
APPENDIX G
CONTINGENCY LOG
This section should include the assessments and results of any exercise or real contingency
operations. It should be written from available documentation after recovery and restoration.
Include a comprehensive lessons learned page, documenting unanticipated difficulties, staff
participation, restoration of system backups, permanently lost data and equipment, and
shutdown of temporary equipment used for the resumption, recovery, and restoration.