Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
9 Contingency Planning<br />
Sections 9.1, 9.2 and 9.3 constitute the State <strong>of</strong> Kansas’ Contingency Planning <strong>Policy</strong>. This<br />
policy is to be accompanied by defined Contingency Planning Mandatory Procedures and<br />
Baselines that are distributed in a companion document.<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
9. Contingency Planning <br />
9.1. Contingency Plans<br />
9.1.1. Build a Plan (5 sets) (3 sets)<br />
9.1.2. Test the Plan (3 sets) (2 sets)<br />
9.2. Contingency Infrastructure<br />
9.2.1. Required Contingency Infrastructure (1 set)<br />
9.3. Contingency Operations<br />
9.3.1. Build a Team and Provide Training (4 sets) (3 sets)<br />
9.3.2. Backup Scheduling and Frequency (1 sets) (1 sets)<br />
9.1 Contingency Plans<br />
The State <strong>of</strong> Kansas requires the development <strong>of</strong> a contingency plan to address<br />
disruption to, or failure <strong>of</strong>, all information systems that house or access State<br />
controlled information. Contingency plans may indicate that, for non-essential<br />
systems, no actions to restore functionality need be taken.<br />
Contingency plans are used to establish the manner in which information systems will<br />
continue to be operated in the event <strong>of</strong> a catastrophic failure to the information<br />
system or any <strong>of</strong> its components. Without contingency plans the potential exists that,<br />
should some form <strong>of</strong> catastrophic failure occur, the State will be unprepared to<br />
recover from that failure and the unavailability <strong>of</strong> information systems will be<br />
extended.<br />
The plan as developed will outline contingency roles and responsibilities as well as<br />
indicating the individuals assigned to those roles and responsibilities and appropriate<br />
contact information for those individuals. Where appropriate, this contingency plan<br />
will be integrated with related plans (Business Continuity Plan, Disaster Recovery Plan,<br />
Incident Response Plan, etc.) where such plans exist.<br />
Contingency plans are to be tested annually through the use <strong>of</strong> table top exercises and<br />
at least every five years through the use <strong>of</strong> a full-scale test. Where appropriate, this<br />
contingency plan test will be integrated with testing <strong>of</strong> related plans (Business<br />
Continuity Plan, Disaster Recovery Plan, Incident Response Plan, etc.) where such<br />
plans exist. The results <strong>of</strong> these tests will be documented, shared with the security, IT<br />
and senior management. These results will be used in the annual review and, where<br />
required, update <strong>of</strong> the incident response plan.<br />
28