Anchor: #i1356119

Section 3: Contingency Planning

Anchor: #i1358146

Introduction

This section establishes how TxDOT uses interim measures to recover information resources after a disruption. It describes the minimum standards that must be in place to effectively create a plan for how to respond if routine business operations are suspended. Contingency planning provides a system-based method to address the “Recover” objective of the Texas CyberSecurity Framework.

Anchor: #i1358236

Protocol

TxDOT will ensure that its information systems have contingency plans to address its backups, disaster recovery, and emergency mode operations. Contingency plans must be tested and reviewed yearly. They must include the periodic testing of backup media to verify its readability. Plans must ensure each system has enough backup data available to restore the systems to a recent, operable, and accurate state. See NIST Special Publication 800-34 revision 1, "Contingency Planning Guide for Federal Information Systems" for steps in creating a contingency plan.

Anchor: #i1358695

General Responsibilities

Information custodians assist the information owners in ensuring the contingency planning policy is followed by maintaining and testing the backups and contingency plans.

Information owners are responsible for developing, testing, reviewing, and maintaining contingency plans for all of their corresponding information systems.

Information Security Officer is responsible for reviewing the contingency plans in coordination with the information owners and information custodians.

Compliance and Standards

See the “Contingency Planning Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Business Continuity Policy.

Previous page  Next page   Title page