matter experts who will support in activities of resuming critical business processes and functions after a disruption. The Business Resumption Team will integrate and collaborate with the IT Disaster Recovery Team

personal contact information and procedures for contacting everyone on a list to assess accountability and life/safety of all personnel. 

method that involves assigning notification duties to specific individuals, who in turn are responsible for notifying other recovery personnel. The call tree should account for primary and alternate contact methods and should discuss procedures to be followed if an individual cannot

having subject matter expertise in the business continuity field. The Disaster Recovery International Institute (DRII) is the sole grantor for these certifications, including the MBCP (Master Business Continuity

of items of activities and/or items contained in a plan that one must

that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location

by a group of organizations to share processing facilities and/or office facilities if any one member suffers severe impact from a disaster and

plans, and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of an emergency, system failure, or disaster. A contingency plan may contain any number of resources including workaround procedures,

or taken to ensure the uninterrupted execution of specific executive, legislative, and judicial functions of government in the event of an

designed to relate COOP actions to threat and alert posture. The new system, COOP COGCON, shows actions designated by ratings of 1 through 4, with 1 being the highest, that should be accomplished when the government’s “level of concern” changes from a range of Guarded (i.e., COGCON

essential functions, specifies succession to office and emergency delegation of authority, provides for the safekeeping of vital records and databases, identifies alternate operating facilities, provides for interoperable

of a predetermined set of instructions or procedures mandated by Office of Management and Budget (OMB) A-130 that describe how to sustain major applications and general support systems in the event of a significant

or management approach of an organization's response to a crisis in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate. Elements include situation awareness, business intelligence,

which if handled ineffectively, can dramatically impact an organization's

efforts to control a crisis event consistent with strategic goals of the organization.  Crisis management responsibilities extend to pre-event prevention and preparedness, and post-event restoration and

varied responsibilities to the ICS teams, providing guidance on authorities, communication strategies, building evacuation procedures, call plan, shelter in place procedures, and other relative information to provide

both internal and external to an organization, designed and delivered

internal communication flows to personnel and management and external communication with the public. The most effective way to provide helpful information and to reduce rumors is to communicate clearly and often. The plan should also prepare the organization for the possibility that during a significant disaster the organization may be a communication-forwarding point between personnel, civil and federal authorities, and affected

or process information that cannot be interrupted or unavailable a predetermined amount of time without significant negative impact to an organization’s

and facilities on which the continuance and growth of an organization or business depend, such as power plants, transportation systems, communications systems, water supply; etc. Also, critical infrastructure includes those systems and assets so vital to the nation that their incapacity or destruction would have a debilitating impact on national security, national economic

intended to prevent a threat from attempting to, or succeeding at, destroying or incapacitating critical infrastructures. (FPC 65, PDD 63)  See

Response Plan establishes procedures to address cyber attacks against an organization’s IT system(s). These procedures are designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial of service, or unauthorized changes to system hardware, software, or data (e.g., malicious logic, such as a virus, worm, or Trojan horse).

the amount of damage immediately following a crisis or disaster; evaluation on damages to equipment, hardware, vital records, office facilities, etc., and examination of what can be salvaged or restored and/or what

data from one location to a storage device in real time. Because the data is copied in real time, the information stored from the original location is always an exact copy of the data from the production device. Data mirroring is useful in the speedy recovery of critical data after a disaster. Data mirroring can be implemented locally or offsite at

emergency management support tool.  Capabilities include: tailored desktops, document repository, calendar, geographical information system, situation report capability, iJet advisory and travel intelligence integration, integrated emergency broadcasting using SendWordNow, via a third-party

tool providing situation and awareness updates and status of threats, incidents, and events, reporting enterprise-wide. The Decision Support Portal (DSP), developed by Booz Allen Hamilton, has been implemented

authorities to implement policy and key decisions to ensure rapid response

or relocation of essential personnel and transfer of operations to an alternate site in order to manage the resumption of critical business

Incident Command Team, the Deputy Incident Commander, under the direction of the Incident Commander, organizes and directs the Emergency Operations Center (EOC); assumes interim command and responsibility of the Incident Commander when the Incident Commander is not available; verifies execution of the Incident Commander's directives; ensures that the personnel in charge of functional units detail the activities of their section in

transfer authority and responsibility for essential functions from an agency’s primary operating staff and facilities to other employees and facilities, and to sustain that operational capacity for an extended

(e.g., hurricane, tornado, earthquake, etc.) regardless of cause; any fire, flood, or explosion, causing extensive damage or loss; the inability of an organization to provide critical business functions for a significant period of time, typically necessitating deployment from primary to alternate

to major, usually catastrophic, events that deny access to the normal facility for an extended period. Frequently, DRP refers to an IT-focused plan designed to restore operability of the target system, application, or computer facility at an alternate site after an emergency. The DRP scope may overlap that of an IT contingency plan; however, the DRP is narrower in scope and does not address minor disruptions that do not

set of multiple autonomous processing elements, configured to exchange and process data to complete a single business function. To the user, a distributed system appears to be a single source. Distributed systems use the client-server relationship model to make the application more

to adapt to any crisis throughout an enterprise, i.e., creating hubs, networks, and nodes throughout an organization to enable all divisions

backup data to an offsite server or storage facility. Vaulting eliminates the need for shipment and significantly shortens the time required to

event or crisis requiring immediate action due to potential threat to

with the development, coordination, and direction of all emergency-related planning, preparedness, readiness assurance, response, and recovery measures designed to protect people, assets, and programs and to ensure the continuity of essential functions and facilities in the event of

a team of trained personnel that, when activated during an event, will be operational in exercising command and control activities during an

response teams/officials (municipal, county, state and federal) exercise

tools to facilitate an organization’s readiness to respond to an emergency

and management of business operations within the context of the organization’s culture, beliefs, mission, objectives and organizational structure.  Enterprise-wide programs and structures, including Business Crisis and Continuity Management, should be aligned and integrated with overall

of the relevant internal and external business environment to detect, communicate and initiate appropriate actions to prevent, prepare for, respond to, recover, resume, restore and transition from a potential

between efficiency and effectiveness.  Resilience is in the people, processes, technology, and infrastructure supporting enterprise-wide

to an incident or emergency to assess the damage or impact and to ascertain the level of containment and control activity required. In addition to addressing matters of life safety and evacuation, “response” also addresses the policies, procedures, and actions to be implemented in the event of an emergency. Also, the step or stage that immediately follows a disaster event where actions begin as a result of the event

functions as those that enable the Federal government to provide vital services, exercise civil authority, maintain the safety and well being of the general populace, and sustain the industrial/economic base in

team awareness and performance ability and instill collaborative decision-making;

to respond gracefully to an unexpected hardware or software failure. There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault-tolerant computer systems mirror all operations -- that is, every operation is performed on two or more duplicate systems, so if one fails the other

information resource under the same direct management control that shares common functionality. It usually includes hardware, software, information, data, applications, communications, facilities, and people and provides support for a variety of users and/or applications. Individual applications support different mission-related functions. Users may be from the same

strategic guidance and authority for firm crisis management activities to manage serious events and disruptions affecting single and/or multiple Booz Allen offices.  The GLBAT supports the CFBAT, regional teams, and local crisis management teams. The GLBAT is chaired by the General Counsel and includes the firm’s Treasurer, Chief Administrative Officer,

situations or conditions with the potential to cause injury to people,

exists a potential high risk of impact to a densely populated area, and has high impact and risk to critical infrastructure particularly (e.g., susceptible to high-intensity earthquakes, floods, tsunamis,

system that provides a comprehensive and effective means to disseminate information and warnings regarding the potential risk of terrorist acts

 off-site data processing facility equipped with hardware and system 
 software to be used in the event of a disaster.  An internal hot 
 site is a fully equipped processing site owned and operated by the organization.  

 Incident Command Team, the HR Coordinator performs human resources and 
 administrative functions in response to a crisis and provides resource 
 support to the CMT before and during a crisis, including providing the 

 another contingency solution. A standard desktop computer image can 
 be stored, and the corrupted computer can be reloaded. Imaging will 
 install the applications and setting stored in the image; however, all 
 data currently on the disk will be lost. Therefore, PC users should 
 be encouraged to back up their data files. Because disk images can be 
 large, dedicated storage, such as a server or server partition, may 

 logistics, operational) at the local, regional, or national office office, 

 Command Team and reports up to senior management during a crisis; the 

 that will enable the control and coordination of all activities needed 
 to manage an incident throughout the incident life cycle under the ICS 

 to a disaster or other significant event that could significantly impact 
 an organization, its people, or its ability to function productively.  
 An incident response may include evacuation of a facility, initiating 
 a disaster recovery plan, performing damage assessment, and any other 

 of a predetermined set of instructions or procedures to detect, respond 
 to, and limit consequences of a malicious cyber attacks against an organization’s 

 technology security program that includes capabilities such as managing 

 or general support system identified by boundaries around a set of processes, 

 development of a coordinated recovery strategy for IT systems (major 
 application or general support system), operations, and data after a 
 disruption.  Because an IT contingency plan should be developed 
 for each major application and general support system, multiple contingency 

 risks – information, financial, personnel and operations – in an 
 integrated, uniform, and systematic manner across the enterprise. Risk 
 management provides a whole view of activities across an agency, moving 

 combining the areas of Physical Security, Cyber and IT Security, and 

 those critical functions shared by agencies – both internal and external.  
 Each agency must provide a reciprocal arrangement to ensure that these 
 critical functions can be continued, and that the interdependency must 

 Command Team, the Liaison / Information / Communications function is 
 a primary component of providing vital information to the ICS for appropriate 
 decision support and situational awareness, as well as synthesizing 

 and communications activity evenly across a computer network so that 
 no single device is overwhelmed. Load balancing is especially important 
 for networks where it's difficult to predict the number of requests 
 that will be issued to a server. Busy Web sites typically employ two 
 or more Web servers in a load-balancing scheme. If one server starts 
 to get swamped, requests are forwarded to another server with more capacity. 

 facilities is responsible for preparing for and managing events directly 
 affecting the local office and staff; and may initiate lead with response 

 resources that are redirected or removed due to a disaster. Such losses 
 may include loss of life, revenue, market share, competitive stature, 

 by senior executive members of Federal Government agencies whose mission 
 it is to determine and identify best practices to overcome the myriad 
 challenges faced by their respective organizations, to pool resources, 
 and to identify single points of failure so that in event of a disaster 
 there is a common answer to minimize impact (derived from the firm-hosted 

 essential to the organization’s ability to perform necessary business 
 functions.  A loss of mission-critical applications would have 

 transportable shell custom-fitted with the specific IT equipment and 
 telecommunications necessary to provide full recovery capabilities upon 

 teams in which participants are challenged to determine the actions 
 they would take in the event of a specific disaster scenario. Mock disasters 
 usually involve all, or most, of the applicable teams. Under the guidance 
 of exercise coordinators, the teams walk through the actions they would 
 take per their plans, or simulate performance of these actions. Teams 
 may be at a single exercise location, or at multiple locations, with 
 communication between teams simulating actual ‘disaster mode’ communications. 
 A mock disaster will typically operate on a compressed timeframe representing 

 system availability resulting from a communication failure affecting 

 designed to return to business as usual either at the original or new 

 prevent the loss of life and minimize injury and property damage; provides 
 procedures on how to respond to the protection of employees, i.e., evacuation 
 or shelter in place; defines roles, responsibilities and actions during 
 a crisis. An OEP provides directions for facility occupants to follow 
 in the event of an emergency situation that threatens the health and 

 other than the main facility, where duplicated vital records and documentation 

 conducted on one or more components of a plan under actual operating 

 identifies personnel responsible to assume authority for executing the 
 contingency plan in the event the designated person is unavailable or 
 unable to do so. The Order of Succession includes provisions for implementation 

 vulnerabilities to facilities, personnel, operations, and resources 

 key organizational areas that work together and follow documented responsibilities 
 for the design, development, and implementation of a business continuity 

 and managing tasks and resources to accomplish a defined objective, 

 drives that employ two or more drives in combination for fault tolerance 
 and performance. RAID disk drives are used frequently on servers but 

 length of time that can elapse before the lack of a business function 
 severely impacts the business entity. The RTO is comprised of two components: 
 the time before a disaster is declared, and the time to perform tasks 
 (documented in the disaster recovery plan) to the point of business 

 for and/or implementing procedures for the repair or relocation of the 
 primary site and its contents, and for the restoration of data and normal 
 operations at the primary site. Salvage and restoration is the process 
 of reclaiming or refurbishing computer hardware, vital records, office 

 exposure to loss.  Risks are man-made, political or natural. The 

 the risks to an organization, assessing the critical functions necessary 
 for an organization to continue business operations, defining the controls 
 in place to reduce organization exposure, and evaluating the cost for 
 such controls. Risk assessment often involves an evaluation of the probabilities 

 of assessing the risk to mission/business as part of the approach used 
 to determine adequate security for a system by analyzing the threats 
 and vulnerabilities and selecting appropriate, cost-effective controls 

 measures to deter specific threats to the continuity of business operations, 
 and/or respond to any occurrence of such threats in a timely and appropriate 

 Incident Command Team, the Security/Safety/Facilities Coordinator will 
 anticipate the need for accumulation of equipment and supplies to facilitate 
 an immediate response to a request for logistical support.  Additionally, 
 this Coordinator is responsible for maintaining a list of private vendors 
 that can provide logistical support, which includes the local alternate 

 on a network that manages network resources. For example, a file server 
 is a computer and storage device dedicated to storing files. Any user 
 on the network can store files on the server. A print server is a computer 
 that manages one or more printers, and a network server is a computer 
 that manages network traffic. A database server is a computer system 

 to stay in place when hazardous materials may have been released into 
 the atmosphere.  Shelter-in-Place is an emergency response procedure 
 aimed to keep employees safe while remaining indoors.  Employees 
 will be asked to remain in a selected interior room with no or few windows 
 and take refuge.  Instructions are provided for durations of a 

 teams in which participants perform some or all of their responsibilities 
 and activities in the event of plan activation. A simulation exercise 
 may involve one or more teams and are performed under conditions that 
 at least partially simulate “disaster mode.”  The exercise 
 may be performed at the designated alternate location, typically using 

 a BCP identifying critical business processes and functions that would, 
 upon impact of a disaster, severely impair or destruct the ability of 
 an agency to resume operations. Interviews of stakeholders and examination 
 of priorities of critical business functions would need to be conducted 
 to determine SPOF analysis that map to critical business functions. 

 potential crisis-inducing emergencies; notification of an alert or advisory 
 to executive leadership and senior management; collection and dissemination 
 of all event information, physical and cyber, to national and local 

 account of an event or incident, which is distributed to those in the 
 organization having a need to know through the Decision Support Portal. 

 instructions to an operator to carry out a process or function, or task 

 to exercise or test a completed plan. Team members meet to verbally 
 walk through each step of the plan to confirm the plan effectiveness 
 and identify gaps, bottlenecks, or other plan weaknesses. Promotes quicker 

 Allen Hamilton, the objective of the series is to facilitate the development 
 of a professional community of mission assurance practitioners. Summit 

 of developing information systems through initiation, development and 
 acquisition, implementation, and operation and maintenance. SDLC is 
 a systems approach to problem solving and is made up of several phases, 
 each comprised of multiple steps.  Although contingency planning 
 is associated with activities occurring in the operation/maintenance 
 phase, contingency measures should be identified and integrated into 
 ALL phases of the SDLC. Incorporating contingency planning into the 
 SDLC reduces overall contingency planning costs, enhances contingency 
 capabilities, and reduces impacts to system operations when the contingency 

 is a specialized form of training that typically has the following characteristics: 
 Group Training - Train a group of persons who will need to work together 
 in an actual emergency or crisis; Scenario Based - The training seeks 
 to simulate realistically the types of events and problems that are 
 most likely to occur in an actual emergency or crisis; Role Based - 
 Each participant in the training exercise carries out or performs the 
 responsibilities of his or her actual job, office or position, or assumes 
 the role of another person; and Facilitated - The training is guided 
 by one or more facilitators or moderators, who lead the training, manage 
 the scenario, and provide real-time and post-training feed-back to the 

 electrical, optical, or acoustical means between separate processing 

 to periodically exercise specific action tasks and procedures to ensure 

 documents, references, and records that are required in support of essential 
 functions and must be preserved and available for retrieval for resumption 

 vital records through offsite storage facilities and establishing a 

 office space that contain some or all of the system hardware, software, 
 telecommunications, and power sources. The warm site is maintained in 
 an operational status ready to receive the relocated system. The site 
 may need to be prepared before receiving the system and recovery personnel. 
 In many cases, a warm site may serve as a normal operational facility 
 for another system or function, and in the event of contingency plan 
 activation, the normal activities are displaced temporarily to accommodate 

 campus, or local area networks across greater distances; usually accomplished 

 or contingencies that may be used by a business unit to enable it to 
 continue to perform its critical functions during temporary unavailability 
 of specific IT application systems, electronic or hard copy data, voice 
 or data communication systems, specialized equipment, office facilities,