Continuity of Operations Plan (COOP) - Disaster Recovery & Business Continuity
What Is The Continuity of Operations Plan (COOP)?
The COOP is designed to provide a holistic approach to both disaster recovery and business continuity. Our COOP address (1) pre-disaster preparedness, (2) disaster recovery operations, (3) business continuity operations and (4) post-disaster activities.
- The COOP addresses the “how?” questions in an audit, since BC/DR guidance provides the means for how your organization's BC/DR-related policies and standards are actually implemented.
- The COOP provides the underlying BC/DR guidance that must be documented, as many stipulated by statutory, regulatory and contractual requirements.
What Problems Does The COOP Solve?
- Lack of In House Security Experience - Writing disaster recovery / business continuity documentations is a skill that most cybersecurity professionals simply are not proficient at and avoid the task at all cost. Tasking your security analysts and engineers to write comprehensive BC/DR documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The COOP is an efficient method to obtain comprehensive business continuity and disaster recovery documentation for your organization!
- Compliance Requirements - Nearly every organization, regardless of industry, is required to have formally-documented disaster recovery and business continuity processes. The COOP is designed with compliance in mind, since it focuses on leading security frameworks to address reasonably-expected security requirements (see bottom of page for a complete listing).
- Audit Failures - Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The COOP provides a cost-effective and efficient manner to obtain BC/DR documentation.
- Vendor Requirements - It is very common for clients and partners to request evidence of a disaster recovery and business continuity capabilities. The COOP can provide evidence that you need!
Our products are one-time purchases with no software to install - you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The COOP is in an editable Microsoft Word format.
How Does The COOP Solve These Problems?
- Clear Documentation - The COOP provides a comprehensive template for your BC/DR operations to help prove that your recovery capabilities exist. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
- Time Savings - The COOP can provide your organization with a templated solution that requires minimal resources to fine tune for your organization's specific BC/DR needs.
- Alignment With Leading Practices - The COOP is written based on leading frameworks for BC/DR guidance.
The COOP takes a holistic approach to Business Continuity / Disaster Recovery (BC/DR) that utilizes a phased approach to preparing for and responding to incidents. It takes a phased approach incorporates incident response and BC/DR components to create a centralized and strategic approach to emergency management that can scale to deal with the size and scope of disasters and recovery efforts.
- Phase 1 – Prepare
- Phase 2 – React
- Phase 3 – Recover
- Phase 4 – Transition
- Phase 5 – Review & Improve
These phases overlap from incident response at a tactical level (IRPs and DRPs) to intermediate and long-term recovery efforts at a strategic level (BCPs):
- Incident Response Plans (IRPs)
- Disaster Recovery Plans (DRPs)
- Business Continuity Plans (BCPs)
The COOP can stand alone or be paired with other specialized products we offer. At the heart of it, the COOP provides an organization with clear disaster recovery and business continuity documentation that is cohesive and manageable.
The value of the COOP comes from having well-constructed documentation that establishes the clear requirements to protect your organization from disasters. The COOP can help you become audit ready in a fraction of the time and cost to do it yourself or hire a consultant to come on-site and write it for you. The entire concept of this COOP is focused on two things:
- Providing written BC/DR documentation to walk your team members through the steps they need to plan for, respond to and recover from disasters; and
- Help your company be audit ready with the appropriate level of due diligence evidence that allows you to demonstrate your organization meets its obligations.
Product Example - Continuity of Operations Plan (COOP)
The COOP addresses program-level guidance on HOW to actually plan for and respond to both business continuity and disaster recovery (BC/DR) operations. Policies & standards are absolutely necessary to an organization, but they fail to describe HOW BC/DR is actually planned and managed. The COOP provides this middle ground between high-level policies and the actual procedures of how BC/DR is executed by those individual contributors task with BC/DR duties. The COOP comes with a wealth of guidance, including scenario-based guidance, an After Action Review (AAR) template, Lines of Business (LOB) reconstitution steps and more!
|Watch Our Product Walkthrough Video||View Product Example|
Cost Savings Estimate - Continuity of Operations Plan (COOP) Template
When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Whereas, compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing the COOP from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:
- For your internal staff to generate comparable documentation, it would take them an estimated 200 internal staff work hours, which equates to a cost of approximately $15,000 in staff-related expenses. This is about 3-6 months of development time where your staff would be diverted from other work.
- If you hire a consultant to generate this documentation, it would take them an estimated 120 consultant work hours, which equates to a cost of approximately $36,000. This is about 1-2 months of development time for a contractor to provide you with the deliverable.
- The COOP is approximately 11% of the cost for a consultant or 25% of the cost of your internal staff to generate equivalent documentation.
- We process most orders the same business day so you can potentially start working with the COOP the same day you place your order.
The process of writing cybersecurity documentation can take an internal team many months and it involves pulling your most senior and experienced cybersecurity experts away from operational duties to assist in the process, which is generally not the most efficient use of their time. In addition to the immense cost of hiring a cybersecurity consultant at $300/hr+ to write this documentation for you, the time to schedule a consultant, provide guidance and get the deliverable product can take months. Even when you bring in a consultant, this also requires involvement from your internal team for quality control and answering questions, so the impact is not limited to just the consultant's time being consumed.
Comprehensive Documentation To Address Contingency Operations
Best Practices For The COOP
We developed the COOP based on the following leading practices:
- The National Institute of Standards and Technology (NIST):
- NIST 800-34: Contingency Planning Guide for Federal Information Systems
- NIST 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
- NIST 800-39: Managing Cybersecurity Risk: Organization, Mission and Information System View
- NIST 800-50: Building An Information Technology Security Awareness and Training Program
- NIST 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
- NIST 800-84: Guide To Test, Training and Exercise Programs for IT Plans and Capabilities
- NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
- NIST 800-181: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
- NIST IR 7298: Glossary of Key Cybersecurity Terms
- NIST IR 8179: Criticality Analysis Process Model: Prioritizing Systems and Components [draft]
- NIST Framework for Improving Critical Cybersecurity (Cybersecurity Framework)
- The International Organization for Standardization (ISO):
- ISO 15288: Systems and Software Engineering -- System Life Cycle Processes
- ISO 22301: Societal Security – Business Continuity Management Systems – Requirements
- ISO 27002: Information Technology -- Security Techniques -- Code of Practice for Cybersecurity Controls
- Other Frameworks:
- Federal Emergency Management Agency Incident Command System (FEMA ICS)
- FEMA Natural Disaster Recovery Framework (FEMA NDRF)
- FEMA National Response Framework (FEMA NRF)
- Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
- Center for Internet Security Critical Security Controls (CIS CSC)
- Control Objectives for Information and Related Technologies (COBIT)
- European Union Regulation 2016/279 (General Data Protection Regulation (EU GDPR))