The COVID-19 pandemic has forced government agencies to think more about their continuity of operations plans (COOP) – or lack of them.
The particular fallout from the pandemic – including widespread telework, closed offices and virtual meetings and confabs – underscores not just the need to prepare for infectious diseases, but for other disasters. Agencies may not need to expect the unexpected, but they need to be prepared to react swiftly to it. They need holistic COOP that position them to maintain continuity during any emergency – what’s known as an “all hazards” approach.
A comprehensive COOP will allow agencies to be resilient rather than reactive. It takes into account partnerships, people and assets – in some cases, worldwide – along with the IT systems supporting them and the emergency communications tools necessary to react quickly and capably. It can ensure that agencies can continue performing their missions despite disruptions from all the physical and cybersecurity emergencies that can occur in a dynamic world.
Below are the five components of implementing COOP that will help agencies plan for a swift response to any crisis:
Automated tools are important to preparation and response. Typically, contingency planning teams are small and may be tasked with developing scores of plans for the different moving parts of an organization, said Patrick Potter, Digital Risk Strategist for RSA. Part of that process needs to be automated, particularly concerning testing and updating plans, as well as developing new ones for other units. Risk assessments and providing documentation for transactional authorizations are also beneficial. “It doesn’t eliminate the human element,” Potter said, but it performs work team members don’t have time for, and gives them the information they need to make quick, data-driven decisions.”
2. Policy Alignment
The bottom line for a COOP is that it allows an agency to perform its mission under any circumstances, so its policy statement, procedures, testing and business impact analyses of potential disruptions should map to those priorities. It also should adhere to security guidance such as the National Institute of Standards and Technology’s (NIST) SP 800-34 and the Department of Homeland Security’s (DHS) National Incident Management System (NIMS) framework. Agencies need a top-down approach, starting with leadership, to make effective COOP part of their culture. “You have to start before the [COOP] to build in those resilient steps,” Potter said.
3. Centralized Management
Coordination is essential to a swift response in any emergency. Centralizing oversight of both disaster recovery and COOP operations ensures consistency throughout an agency while allowing for greater collaboration.
Response requires coordination not just within an agency but with third parties. They could be other federal or state agencies, but they also could include fire departments and other first responders, medical providers and other outside organizations, Kim said. Agencies need to know the resources they want to provide and what types of organizations they’ll work with. Emergency communications systems are an important factor as well. Integrated, IP-enabled messaging and alert systems with automated, web and remote activation capabilities can ensure communications both within and outside the agency, giving responders quick access to recovery strategies and operational procedures.
5. Continuous Improvement
There’s no such thing as a final COOP. In a dynamic threat environment, plans need to adapt to changes in the organization, and be tested and updated regularly. The process for improving a plan must be built into it, which requires commitment from the agency. It will ensure that a plan accounts for recent and emerging threats.
This article is an excerpt from GovLoop’s recent report, “Continuity of Operations: The Big Picture.” Download the full report to explore insights from community members on evolving COOP strategies and a case study on how agencies have benefited from COOP here.