Rationale
Continuity of operations (COOP) and disaster recovery planning are part of federal requirements for I&IT contingency planning. These efforts identify how critical operations will continue under a broad range of circumstances. Contingency planning is an important business practice that addresses I&IT recovery and survival during and after emergency situations. The federal government’s guiding document for I&IT contingency planning is the NIST 800-34 series document. The federally required guidance from NIST defines eight component plans to address contingency planning. A continuity of operations plan establishes policy and guidance, ensuring critical functions continue, and personnel and resources are relocated to an alternate facility for up to 30 days in case of emergencies. Industry definitions are available to help define scope in these areas.
Goals
- Comply with NIST requirements that define a contingency planning policy, responsible contacts, and update contingency plan for the NIEHS GSS.
- Assist the institute in deciding on critical functions over a 30-day period and help sustain those I&IT components.
- Decide the level of business impact analysis (BIA) required to support these plans and the essential business functions that I&IT must support.
- Understand the current I&IT approach to contingency planning and detail the I&IT systems under this scope and its supporting plans.
- Define which I&IT tools must persist during each phase of an event (e.g., email, internet access, voice communications).
- Utilize the existing NIEHS COOP plan.
Strategic Capability Priorities
Conduct the Business Impact Assessment
COOP-01
NIEHS will utilize the existing COOP program to help identify essential business functions and the I&IT support needed to continue those functions. As part of this effort, the institute will coordinate a formal BIA with the NIEHS community. Providing this information and planning meets the required controls for I&IT certification. The successful completion of the BIA will be the milestone.
Document a Snapshot of the Current Capability
COOP-02
NIEHS will create an information system backup document that provides a current understanding for backup capabilities. GSS documents will be updated, and critical stakeholders informed of the services. The existing NIEHS data center disaster recovery and contingency plans that are part of the NIH documentation that support the ATO will be supplemented with this new information. The documentation provides compliance to the NIST standards and controls.
Perform a Gap Analysis on the Current Capability Versus the BIA Results
COOP-03
NIEHS will evaluate the current disaster recovery capability and identify issues and gaps. The institute will also identify the items that are currently working well for disaster recovery. The document will fulfill required controls for accreditation and inform stakeholders about the services.
Perform Analysis on Off-site Location Needs
COOP-04
Evaluate and decide if NIEHS requires a formal recovery location for the data center and which systems are short-term recoverable. The institute will also decide if the institute needs an alternate storage site based on defined essential functions and invest in this process, and will consider cloud opportunities for alternative storage sites along with Center for Information Technology computing as options in contingency planning actions. Recovery location controls are part of the required NIST accreditation controls. The process and decision will include updates to the Disaster Recovery plan to ensure success.
Include the Existing Campus COOP Information Technology Team
COOP-05
The current campus Information Technology Team (ITT) is responsible for managing and coordinating all I&IT matters related to NIEHS COOP operations. These I&IT efforts will supplement the existing emergency response efforts, as well as all recovery and reconstitution activities. The ITT develops pre-incident strategies necessary for COOP operations; routinely maintains and tests I&IT systems and equipment; and provides consultation, support, and resources throughout COOP activations. Success depends on robust communications. During emergency situations, effective communication is critical in affecting positive outcomes. Reliable and redundant connectivity to provide access to all vital NIEHS files, records, and databases is necessary for NIEHS to continue essential functions. The institute has an existing COOP team to include in this I&IT initiative.
COOP and Disaster Theme Map
I&IT Landscape | Agility | Analytics | Communications & Transparency | Foster Collaboration | Governance | Optimize Resources | Workforce Development |
---|---|---|---|---|---|---|---|
COOP and Disaster | COOP-05 | COOP-02 COOP-04 | COOP-01 | COOP-03 |
See Appendix A: I&IT Priorities Support NIEHS Strategic Themes