This is the third paper in a set of 10 on Department of Defense (DoD) Continuity of Operations (COOP) that target the oft-overlooked smaller program as a use case. Written as part of the Master’s program in Information Assurance (IA) at Norwich University in 2011 and subsequently submitted to the Federal IT Institute, they provide a complete roadmap to create and operate a compliant, cost-effective, and reliable COOP program throughout DoD.
An organization must identify its critical business functions using a Business Impact Analysis (BIA) prior to implementing a Business Continuity Management (BCM) plan. The same requirement exists within federal government and Department of Defense (DoD) agencies with a significant difference: these agencies must preserve their ability to accomplish their mission rather than their ability to retain revenue. Hence, federal government and DoD agencies implement a Continuity of Operations (COOP) plan by determining their Mission Essential Functions (MEFs). This paper, the third in a ten-part series, analyzes how a small Army Program performs the government equivalent of a BIA to determine its MEFs and to determine protections.
Neither the federal government, DoD, nor the Army define how a particular agency should determine its MEFs and prioritize them to meet policy requirements. This paper analyzes three different good-practice methodologies that enable the agency to identify and prioritize its MEFs in preparation for a formal Risk Assessment of the threats and hazards that face those MEFs. The paper closes by summarizing its findings presenting recommendations for the program manager (PM) to review.
Please let me know your thoughts on this topic, and thanks for checking in with our IA corner. Truly IA is the cornerstone of business function delivery!