Continuity planning

Continuity planning (also called continuity of operations planning), which includes contingency planning, is a critical component of information protection. Continuity planning controls should be designed to ensure that when unexpected events occur, critical operations continue without interruption or are promptly resumed and that critical and sensitive data are protected. These controls include (1) environmental controls and procedures designed to protect information resources and minimize the risk of unplanned interruptions and (2) a well-tested plan to recover critical operations should interruptions occur.

If service continuity controls are inadequate, even relatively minor interruptions can result in lost or incorrectly processed data, which can cause financial losses, expensive recovery efforts, and inaccurate or incomplete financial or management information.

NIST guidance states that contingency plans for high-risk systems should be tested at an alternate processing site.