The activities performed by the agency to ensure critical functions are available to entities needing access to those functions. Business continuity is related to restoring normal day-to-day functions in the event of service disruptions. Business continuity planning is different than disaster recovery planning.
The effort to ensure that mission-essential functions continue to be performed during a wide range of emergencies which could be localized or widespread.
All public-facing content, including websites, applications, documents and media, blog posts, and social media content. Certain non-public-facing content that must also comply. Examples include: All electronic content used for official business to communicate: emergency notifications, initial or final decisions adjudicating administrative claims or proceedings, internal or external program or policy announcements, notices of benefits, program eligibility, employment opportunities or personnel actions, formal acknowledgements or receipts, questionnaires or surveys, templates or forms, educational or training materials, and web-based intranets.
A known system defect or enhancement request that if left unresolved could significantly impact business operations, compliance with statute or policy, the integrity of the system or data or otherwise create a public health, safety or other significant risk areas.
Restarting technology operations after an outage using processes, policies and procedures prepared for recovery or continuation of mission-essential technology infrastructure after a disaster.
These processes are found in a DR Plan. DR is a subset of business continuity and COOP.
The three principal goals of DR are to:
The processes, procedures, systems, IT infrastructure, data, and communication capabilities that allow each agency to manage, store, and share information in pursuit of its business mission, including but not limited to:
The point in time, prior to a disruption or outage, to which essential data can be recovered after an outage. This defines the maximum level of data loss that is acceptable in the event of an outage or incident.
The period of time following an event within which a service or activity must be resumed or a technology resource recovered.
The capability of remaining or returning to a normal situation after an event by having multiple ways of performing a function. This may include people, processes or technology. Generally speaking, this means there would be no single point of failure that could stop a process.