| This general implementation guidance is provided for IAMs/IAOs involved in the creation of a system or organizational Continuity of Operations (COOP) plan: |
1. Identify an alternate site that has the capability to at least partially restore mission or business essential functions.
2. Establish a program to ensure comprehensive and effective continuity of essential functions during a broad spectrum of emergencies or situations that may disrupt normal operations (e.g., power failures, damage to facilities caused by storms, fires, flooding, etc.)
3. Ensure that the program includes a strategy to recover and perform partial system operations at the alternate facility for an extended period of time.
4. Partial restoration of mission or business essential functions at an alternate site shall be based on the results of a business impact analyses that identifies and ranks major information systems and mission-critical applications according to their operational priority and the maximum permissible outage for each.
5. Review the system contingency plan to ensure that the alternate site is able to support partial system operations as defined in the plan.
6. The contingency plan shall provide detailed procedures and capabilities to facilitate recovery and sustain functions at the alternate site.
7. The contingency plan shall define a strategy for computing needs to include hardware, software, communication lines, applications, and data. The plan should also include the operators, management, and technical support personnel that will implement the contingency plan.
8. The alternate site shall include HVAC capabilities and any specialized security equipment to sustain partial operations