COOP’s 10 Point
Checklist
A well-developed COOP plan
identifies and answers 10 “must know” questions an
IT department faces if their agency has to relocate or telework.
Resources abound offering specific guidance to developing and building
the IT infrastructure needed to support your individual COOP. And when
you research the experts*, they agree a well-thought out COOP includes
these 10 points:
1.
People Are First
At your site, the safety of the staff, customers and industry partners
is Number One. There is a specific plan to get food, water,
medical or emergency personnel if needed. But most likely, in
a COOP situation, staff will be working remotely, at some other
designated site for an extended period of time. In this scenario you
are going to deliver business-critical applications securely to users
at any location on any device, thus creating a virtual workplace made
up of mostly teleworkers.
On the infrastructure side you are going to need high-availability
systems connected to redundant data centers that deliver these
applications through wired, wireless and satellite networks.
On the people side, you are going to equip your virtual workplace with
the applications, communications and collaboration tools your staff
needs to remain informed and productive during a disruption. The basic
concept is that through notification, communication and collaboration,
the end result is continuation.
2.
Document Your Plan, Designate and Define Roles
Your COOP identifies the most basic duties, your “mission
essential functions” and a succession plan. Every
COOP plan should envision the worst-case scenario. Document
your plan and share it with staff. Designate roles and define
responsibilities within the IT shop to handle procedures. List all
critical names and contact information, including phone and cell
numbers, pagers, and e-mail for your agency emergency team; critical IT
personnel; service and emergency management; local contractors and
critical customers. Make an inventory.
Identify three separate lists of operational functions based on the
length of time you are relocated. COOP guidance for
government agencies requests that mission essential functions are
arranged in the categories of 1 day, 1 week, and 1 month or more.
3. Have
An Alternate Site Strategy
You may have a primary, secondary or third-choice option, any of which
could mean relocating to a different building, another city, or another
state. The primary principle in alternate site selection is being far
enough away from primary site so an environmental disaster
won’t affect both sites – more than 75 miles.
Questions to be thinking about in this process include: Does the
alternate facility have basic necessities such as telephones, desks,
computers, internet, and if so, how many? Is there enough
room for your entire staff? The more your alternate site is
like your agency environment; the easier it will be to recover and
resume
normal operations.
4.
Protect Vital Information – Back It Up
Storage Area Networks (SAN) and Network Attached Storage (NAS) are two
storage networking technologies that can replicate data and protect
vital records.
While there are fundamental differences between SAN and NAS, both have
their place in the IT environment. SAN describes an architecture,
providing connectivity among multiple storage devices and servers. NAS
is a specific product between application servers and file systems. SAN
can send both files and data blocks, while NAS can send only files.
Because of these characteristics, NAS is appropriate for file serving,
file sharing and low-intensity applications. But for the large scale
efforts and the data replication needed in support of COOP, SAN is more
robust.
5.
Establish Interoperable Communications
Providing interoperable communications, redundancy in networks and
systems and effective storage management are critical to insure
continued access to data. Your virtual workforce is going to
need multiple options to access available data through VPN or Web-based
access using “any to any” connectivity provided
through wired, wireless or satellite connections.
FPC-65
defines COOP as the activities that ensure essential functions are
performed. This includes delineating essential functions; specifying
succession plans and emergency delegations; safekeeping of vital
records and databases; identifying alternate sites; providing
interoperable communications; and validating the capability through
tests, training, and exercises. |
Replication and redundant network paths are necessary for COOP, but if
servers fail, data still is inaccessible. Clustering is one methodology
for continuity of the server environment and is offered by a number of
suppliers who have different ways of implementation, but provide
similar outcomes. Basically they all enable two or more servers to work
in conjunction to ensure that a service is always available, insuring
continuity of operations.
6. Plan
To Stream Applications To Fulfill IT Requirements
Virtualization solutions exist to accelerate application delivery over
any WAN, anywhere, by optimizing the broadband connection between the
temporary facilities or other distant locations and the enterprise data
center. They allow you to leverage a single application security point
for immediate worker productivity and a single control point for rapid
IT security response. They also speed Web application delivery, by
maximizing the performance of Web applications, while delivering them
securely to workers and customers anywhere on their mobile device.
You can improve continuity through server virtualization. For an agency
that can mean servicing online client requests by maintaining Web
application availability when there is a data center outage, and
transparently redirecting user traffic to the closest surviving data
centers, based on either geographic or network proximity.
For your virtual workforce, virtualization reduces data security risks
when delivering Windows desktops and enables your virtual staff to
receive a fresh new desktop instantly. It provides fast data backup and
restore. Plus it allows IT to retain control of the IP to reduce the
security risk of data loss at the endpoint.
But most importantly, it gives your virtual staff a familiar work
environment in their temporary work environment with access to their
files, business applications, office suite and interfaces.
7.
Ensure Voice Communications
COOP must include methods to communicate with colleagues and customers,
through all available means starting with your incumbent voice network.
Then add to that mobile and IP telephony capabilities.
Switched networking technologies not only facilitate network
redundancy, but also enable convergence of voice, video, and data
communications on a single network infrastructure. GSA’s new
Networx telecommunications contract provides methods for agencies to
buy the managed services needed to provision your teleworking workforce.
8.
Monitor and Manage
How would your IT function if you lost phone lines, high-speed
connections, and/or third-party connectivity? Be sure to review plans
and backup with all service providers.
Essentially, you need to duplicate the primary network monitoring and
management system(s) in the alternate site. Capabilities
should include: primary network management, including SNMP polling of
network devices and presentation of a network map; root-cause analysis
and event correlation; trending and baselining; and configuration
management and analysis.
9.
Develop Your Disaster Recovery Plan
Traditionally, COOP focuses on the first steps of an
emergency—what to do immediately and for an interim period of
weeks when normal operations are disrupted.
A Disaster Recovery Plan encompasses the entire long-term process
– from first response, through interim recovery, to
reconstitution of all capabilities
available prior to the emergency including: security, data
availability,
network services, software tools and testing services.
10.
Educate, Exercise and Review
FPC 65 mandates testing your COOP regularly. As FEMA’s MG
Martha Rainville says, “you must live and breathe
it.”
To help you, GSA has set up a BPA where COOP training can be purchased.
Visit www.gsa.gov. Search “COOP Training”.
FEMA offers its IS-547 Introduction To COOP, a five hour web-based
course designed for everyone from senior managers to those involved
directly in the COOP. Training provides a working knowledge of the COOP
guidance found in FPC 65 and an overview of what COOP is and is not and
the elements of a viable COOP program including. Find information at
http://training.fema.gov/.
The DHS Office of National Security Coordination (DHS-FEMA) in
collaboration with GSA and OPM has also created a new
course: Continuity of Operations Manager’s
Training.
This two and half-day course covers the new FPC 65 and
elements of a viable COOP. Its focus is for managers with a
‘Train the Trainer’ component. For more
information, please contact either the Department of
Homeland Security (DHS) Office of National Security Coordination at
(202) 646-4128 or (202) 646-4329.
Additionally, all federal managers must submit the NETC Admission form
75A. The form may be downloaded by accessing the Emergency Management
Institute website at:
http://training.fema.gov/EMIWeb/StudentInfor/application.asp.
General information about COOP is available from FEMA at http://www.fema.gov/government/coop/index.
*Sources: GSA, OPM, DHS, FEMA,
GAO, Netstar 1,
Ready.gov, Citrix, VMware, RIM.
|
![1105 Government Information Group [happiness]](/images/1105logo_website.gif "Government Computer News [happiness]")
