SCON

Identify and prioritize the essential functions that must be performed to ensure service continuity.

Example Work Products

1. A business impact analysis

Subpractices

1. Identify and prioritize the essential services of the organization.

2. Identify the essential functions on which services rely.

3. Analyze the criticality of providing those functions and the impact to services if the essential functions cannot be performed.

4. Prioritize the list of essential functions that must be provided despite a significant disruption.

Identify and prioritize the essential resources required to ensure service continuity.

Example Work Products

1. Orders of succession

2. Delegations of authority

3. Directory of critical staff with contact information

4. Data and systems required to support identified essential service functions

5. Records of service agreements and contracts

6. Records of legal operating charters (e.g., articles of incorporation, authorization by local, state, national government agencies)

7. Staff benefit balances, payroll, and insurance records

8. List of internal and external resources required

9. List of dependencies and interdependencies of resources

Subpractices

1. Identify and document internal and external dependencies.

2. Identify and document key staff and their roles in relation to service delivery.

3. Identify and document organizational and relevant stakeholder responsibilities.

4. Identify and document resources required by essential functions to ensure continuity.

5. Prioritize resources based on an evaluation of impact from their loss or from lack of access.

6. Ensure that safety provisions are made for staff, both internal and external, within the delivery environment and for organizational supporting functions.

7. Ensure that records and databases are protected, accessible, and usable in an emergency.

Establish and maintain service continuity plans that enable the organization to resume performing essential functions.

Example Work Products

1. Formal statement of who has the authority to initiate and execute the service continuity plan

2. List of communication mechanisms needed to initiate the execution of the service continuity plan

3. List of threats and vulnerabilities that could impede the ability of the organization to deliver services

4. List of alternate resources and locations that support the organization’s essential functions

5. Documentation of the recovery sequence

6. List of key staff roles and responsibilities

7. List of stakeholders and the methods used for communicating with them

8. Documented methods for handling security related material as appropriate 

Subpractices

1. Identify and document threats and vulnerabilities to ongoing service delivery

2. Document the service continuity plan.

3. Review the service continuity plan with relevant stakeholders.

4. Ensure that secure storage and access methods exist for the service continuity plan and critical information and functions needed to implement the plan.

5. Ensure that vital data and systems are adequately protected.

6. Document the acceptable service level agreed to by the customer for when a shift between the normal delivery environment and the recovery environment (e.g., site affected by disruption, alternate site) is necessary.

7. Plan for returning to normal working conditions.

8. Develop procedures for implementing the service continuity plan.

9. Revise the service continuity plan as necessary.

Establish and maintain training for service continuity.

Example Work Products

1. 1. Service continuity training material

Subpractices

1. Develop a strategy for conducting service continuity training.

2. Develop and document service continuity training for each category of threat and vulnerability to service delivery.

3. Review service continuity training material with relevant stakeholders.

4. Revise the training material as needed to reflect changes in the service continuity plan and feedback on training effectiveness. 

Provide and evaluate training in the execution of the service continuity plan.

Example Work Products

1. Training records

2. Evaluations of training effectiveness by students and training specialists

3. Suggested improvements to the service continuity plan 

Subpractices

1. Deliver training that covers the execution of the service continuity plan to appropriate staff.

2. Maintain records of those who successfully complete service continuity training.

3. Solicit feedback on how well service continuity training prepared those who will execute the service continuity plan.

4. Analyze training feedback and document suggested improvements to the service continuity plan and service continuity training.

Prepare for the verification and validation of the service continuity plan.

Example Work Products

1. Verification and validation plan for assuring service continuity

2. Evaluation methods used for verification and validation

3. Description of environments necessary to conduct verification and validation

4. Verification and validation procedures

5. Criteria for what constitutes successful verification and validation

Subpractices

1. Develop a plan for conducting service continuity verification and validation.

2. Review with relevant stakeholders the verification and validation plan, including evaluation methods and the environments and other resources that will be needed.

3. Determine the procedures and criteria for verification and validation of the service continuity plan.

4. Identify changes to the service continuity plan from the preparation for verification and validation.

Verify and validate the service continuity plan.

Example Work Products

1. Roster of staff and relevant stakeholders involved in service continuity verification and validation

2. Results of service continuity plan verification and validation

Subpractices

1. Prepare the environment to conduct verification and validation.

2. Conduct verification and validation of the service continuity plan.

3. Record the results of verification and validation activities.

Analyze the results of verifying and validating the service continuity plan.

Example Work Products

1. Verification and validation analysis reports

2. Improvement recommendations for the service continuity plan

3. Verification and validation improvement recommendations

Subpractices

1. Compare actual to expected results of service continuity plan verification and validation.

2. Evaluate whether restoration to agreed service levels or some other planned state was achieved or not.

3. Document recommendations for improving the service continuity plan.

4. Document recommended improvements to the verification and validation of the service continuity plan.

5. Collect improvement proposals for services or service system components as appropriate based on the analyses of results.

6. Provide information on how defects can be resolved (including verification methods, criteria, and the verification environment) and initiate corrective action.