Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

cp-2(5)

contingency plan  | continue essential missions / business functions

assessment objective:

Determine if the organization:

cp-2(5)[1]

plans for the continuance of essential missions and business functions with little or no loss of operational continuity; and

cp-2(5)[2]

sustains that operational continuity until full information system restoration at primary processing and/or storage sites.

potential assessment methods and objects:

Examine: [select from: Contingency planning policy; procedures addressing contingency operations for the information system; contingency plan; business impact assessment; primary processing site agreements; primary storage site agreements; alternate processing site agreements; alternate storage site agreements; contingency plan test documentation; contingency plan test results; other relevant documents or records].

Interview: [select from: Organizational personnel with contingency planning and plan implementation responsibilities; organizational personnel with information security responsibilities].

Test: [select from: Organizational processes for continuing missions and business functions].