CP-01-727 Contingency Planning Policy and Procedures

Contingency Planning Policy and Procedures

CP-01-727
Contingency Planning Policy and Procedures
Contingency Planning
Protect
Contingency Planning
LOW, MOD, HIGH
P1
Yes
May 20, 2016

Continuity of Operations for Agency-owned information resources are documented in the TTI Information System Contingency Plan & Disaster Recovery Plan.

The chief information security officer shall review the Information System Contingency Plan & Disaster Recovery Plan at least annually, and ensure the plan compliments other relevant Agency plans and complies with Federal, State, and TAMUS contingency and continuity of operations planning requirements.

The BCM Program is ineffective since the Business Continuity documentation has not been created and maintained.
The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls; and b. Reviews and updates the current: 1. Contingency planning policy [Assignment: organization-defined frequency]; and 2. Contingency planning procedures [Assignment: organization-defined frequency].
Written, documented COOP documentation is in place.
State organizations shall maintain written Continuity of Operations Plans that address information resources so that the effects of a disaster will be minimized, and the state organization will be able either to maintain or quickly resume mission-critical functions.
Obtain Contingency planning policy and procedures; other relevant documents or records and ascertain if: (I)the organization develops and documents contingency planning policy and procedures. (ii)the organization disseminates contingency planning policy and procedures to appropriate elements within the organization. (iii)responsible parties within the organization periodically review contingency planning policy and procedures. (iv)the organization updates contingency planning policy and procedures when organizational review indicates updates are required. (v)the contingency planning policy addresses purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, and compliance. (vi)the contingency planning policy is consistent with the organization’s mission and functions and with applicable laws, directives, policies, regulations, standards, and guidance. (vii)the contingency planning procedures address all areas identified in the contingency planning policy and address achieving policy-compliant implementations of all associated contingency planning controls.