Skip Navigation
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Internet Explorer is no longer a supported browser.

This website may not display properly with Internet Explorer. For the best experience, please use a more recent browser such as the latest versions of Google Chrome, Microsoft Edge, and/or Mozilla Firefox. Thank you.

Your Environment. Your Health.

Continuity of Operations (COOP) and Disaster Recovery

Rationale

letters showing backup & restore with cloud image

Continuity of operations (COOP) and disaster recovery planning are part of federal requirements for I&IT contingency planning. These efforts identify how critical operations will continue under a broad range of circumstances. Contingency planning is an important business practice that addresses I&IT recovery and survival during and after emergency situations. The federal government’s guiding document for I&IT contingency planning is the NIST 800-34 series document. The federally required guidance from NIST defines eight component plans to address contingency planning. A continuity of operations plan establishes policy and guidance, ensuring critical functions continue, and personnel and resources are relocated to an alternate facility for up to 30 days in case of emergencies. Industry definitions are available to help define scope in these areas.

Goals

  • Comply with NIST requirements that define a contingency planning policy, responsible contacts, and update contingency plan for the NIEHS GSS.
  • Assist the institute in deciding on critical functions over a 30-day period and help sustain those I&IT components.
  • Decide the level of business impact analysis (BIA) required to support these plans and the essential business functions that I&IT must support.
  • Understand the current I&IT approach to contingency planning and detail the I&IT systems under this scope and its supporting plans.
  • Define which I&IT tools must persist during each phase of an event (e.g., email, internet access, voice communications).
  • Utilize the existing NIEHS COOP plan.

Strategic Capability Priorities

Conduct the Business Impact Assessment

COOP-01

NIEHS will utilize the existing COOP program to help identify essential business functions and the I&IT support needed to continue those functions. As part of this effort, the institute will coordinate a formal BIA with the NIEHS community. Providing this information and planning meets the required controls for I&IT certification. The successful completion of the BIA will be the milestone.

Document a Snapshot of the Current Capability

COOP-02

NIEHS will create an information system backup document that provides a current understanding for backup capabilities. GSS documents will be updated, and critical stakeholders informed of the services. The existing NIEHS data center disaster recovery and contingency plans that are part of the NIH documentation that support the ATO will be supplemented with this new information. The documentation provides compliance to the NIST standards and controls.

Perform a Gap Analysis on the Current Capability Versus the BIA Results

COOP-03

NIEHS will evaluate the current disaster recovery capability and identify issues and gaps. The institute will also identify the items that are currently working well for disaster recovery. The document will fulfill required controls for accreditation and inform stakeholders about the services.

Perform Analysis on Offsite Location Needs

COOP-04

Evaluate and decide if NIEHS requires a formal recovery location for the data center and which systems are short-term recoverable. The institute will also decide if the institute needs an alternate storage site based on defined essential functions and invest in this process, and will consider cloud opportunities for alternative storage sites along with Center for Information Technology computing as options in contingency planning actions. Recovery location controls are part of the required NIST accreditation controls. The process and decision will include updates to the Disaster Recovery plan to ensure success.

Include the Existing Campus COOP Information Technology Team

COOP-05

The current campus Information Technology Team (ITT) is responsible for managing and coordinating all I&IT matters related to NIEHS COOP operations. These I&IT efforts will supplement the existing emergency response efforts, as well as all recovery and reconstitution activities. The ITT develops pre-incident strategies necessary for COOP operations; routinely maintains and tests I&IT systems and equipment; and provides consultation, support, and resources throughout COOP activations. Success depends on robust communications. During emergency situations, effective communication is critical in affecting positive outcomes. Reliable and redundant connectivity to provide access to all vital NIEHS files, records, and databases is necessary for NIEHS to continue essential functions. The institute has an existing COOP team to include in this I&IT initiative.

COOP and Disaster Theme Map

I&IT Landscape Agility Analytics Communications & Transparency Foster Collaboration Governance Optimize Resources Workforce Development

COOP and Disaster

COOP-05

COOP-02

COOP-04

COOP-01

COOP-03

See Appendix A: I&IT Priorities Support NIEHS Strategic Themes

Back
to Top