COOP in DoD – Part #8 of 10 – Protect the Infrastructure!
This is the eighth paper in a set of 10 on Department of Defense (DoD) Continuity of Operations (COOP) targeted to the oft-overlooked smaller program; this paper’s topic is on Business Continuity Management. Written as part of the Master’s program in Information Assurance (IA) at Norwich University in 2011 and subsequently submitted to the Federal IT Institute, they provide a complete roadmap to create and operate a compliant, cost-effective, and reliable COOP program throughout DoD.
Within the federal government and Department of Defense (DOD), sound and effective emergency communications capabilitieBusiness Continuity Management (BCM) recognizes the mission-critical nature of Information Technology (IT) systems within the organization, and uses Information, Communications, and Technology (ICT) Continuity Planning to ensure that IT systems remain available, secure, and functional in disaster scenarios. Within the federal government and the Department of Defense (DOD), BCM is implemented as Continuity of Operations (COOP) and IT systems provide the backbone enabling agencies to ensure Continuity of Government (COG) just as in the private sector.
However, high-level federal and DOD policy concentrate ITC Continuity Planning on â€œnational essential functionsâ€ (NEFs) that exist to support COG; this emphasis on â€œbig systemsâ€ can sometimes lead smaller agencies and programs to forego the benefits of a COOP Program. This paper analyzes how organizations of all sizes, including small Army Programs that are not normally considered to be NEFs, can benefit from a policy-based and cost-efficient ICT Continuity Plan as part of an overall COOP Plan. Such plans do not need to exceed the Programâ€™s budget and can provide significant assurance that the Program can accomplish its mission despite a disaster scenario.
This paper advocates that the ICT Continuity Plan should be a separate sub-plan within the Programâ€™s overall COOP Plan. Moreover, the Program should follow a standard System Development Lifecycle (SDLC) to ensure that the ICT Continuity Plan is effective without being wasteful. The paper provides practical suggestions aimed at its Army Program use case that apply to the larger federal IT community, and closes with a summary of its findings.