Overview

Target Audience: All Stakeholders associated with essential functions and the systems that support them. Stakeholders may vary depending on the actual COOP event, however access to and familiarity with the knowledge described in this playbook will enlighten all users.

Knowledge is critical to keeping essential services operating in the event of an emergency and/or disaster. The origin of this knowledge stems from your agency’s COOP Plan which obtains it’s authority from the following directives:

• National Security Presidential Directive (NSPD–51)/Homeland Security Presidential Directive (HSPD–20) - Directive on National Continuity Policy, May 2007
• Federal Continuity Directive 1 (FCD1) - Federal Executive Branch National Continuity Program and Requirements, Jan 2017
• Federal Continuity Directive-2 (FCD2) - Federal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions Identification and Submission Process, June 2017

In working through your COOP planning it’s imperative that the following elements are documented thoroughly and the documents are secured and accessible by those who have a need to know:

• Delegations of Authority
• Orders of Succession
• Alternate Location (s) Facts
• Standard Operating Procedures, Quick Facts
• Communication & Information Systems
• Essential functions, associated systems and their disaster recovery plans

Federal Continuity Directive-2 (FCD2) requires Executive Branch personnel to work through the identification of essential functions by performing:

• Business Process Analysis (BPA)
• Business Impact Analysis (BIA) (System & Process)
• Risk analysis (agency-wide) to further understand the agency’s tolerance for unknown threats

The essential functions give rise to identification of systems that support the essential functions identified. The three documents mentioned are essential components to the Knowledge Arsenal to be built by your agency.

Specific types of events can present their own unique challenges regarding accessing knowledge needed to continue use of essential systems, as well as how knowledge is disseminated given the circumstances surrounding the emergency.

This playbook will address three emergency scenarios that may spark a COOP response:

1. Infrastructure failure (i.e. networks that support major applications are unavailable from the main location)
2. Lack of People (i.e. widespread illness of employees that support major systems);
3. Access to the operational facility is prohibited (i.e. road closure, building is contaminated, mass transit failure).

COOP Stakeholders

Stakeholder identification and knowledge management are integrated, essential components as these persons must have access to information and documentation surrounding COOP activities. Hardcopy files and access to the central document repository is essential.

Knowledge Arsenal

A list of potential artifacts that will prove valuable to users in the event of an emergency can be viewed here. This Knowledge Arsenal, may include documents that may contain information that includes sensitive data such as internet protocol (ip) addresses, so care must be taken in storing this information in both hard copy files and in the knowledge repository.

Systems Unavailable

What essential knowledge is needed to support major systems access if the primary location, it Infrastructure, and internal network, are not operational?

Stakeholders

• Agency Heads
• Information Technology (IT) Branch Chiefs
• Field Site Heads
• Protection POC
• Key Personnel (as identified in your COOP Plan)
• Facility Personnel
• Human Capital Directorate (Human Resources)
• Metropolitan Police Department
• Systems operations Personnel (Providers of day-to-day support)
• Telecom Companies (Sprint, AT&T, T-Mobile, Verizon)
• Network Hubs other than internal to the specific agency (i.e. Treasury TIC (Trusted Internet Connection) used by Treasury agencies)
• Information Technology Directorate (Infrastructure, Security, Networks, Database Administrators and backup personnel
• Chief Information Officer
• Employees
• Major Systems Administrators
• System Owners of Key Systems
• Disaster Recovery (DR) Plan POC
• Disaster Recovery Site Personnel
• COOP Site Personnel
• Directorate Heads (i.e. Finance, Human Capital, Manufacturing, Corporate Communication, Assistant Directors
• Public

Knowledge Arsenal

• Business Process Analysis (BPA)
• Business Impact Analysis (BIA)
• Risk analysis (agency-wide)
• Standard Operating Procedures (i.e. system installation guidelines, restore procedures, login procedures that include server names) per system
• Incident Ticketing System SOP (e.g. ITSM or Remedy)
• Call Tree (Stakeholder phone numbers (call & SMS), email addresses, work phone & personal (confirm we can this)
• Quick Start Guides per systems
• Network Diagrams per systems
• System Architecture per systems
• Step by Step “How To” guides
  • Access Remote VPN
  • Update Telephone Recording to All users
• “What I need to know” documents
• Prior Recovery Testing Report or incident report (after COOP)
• Disaster Recovery Plan
• COOP Plan
• COOP Site
  • COOP Onsite Network Diagram – which would include laps, wireless Wide Area Network (WAN) setup. Location address, COOP Exercise Phones and phone numbers – (i.e. 2 phones with extension)
  • COOP Computers (Laptops) — Maintain current laptops, in specially marked cabinet, moveable cabinet, which are always on the internal network so that machines maintain current patches; COOP switch
  • Identify and communicate location within the COOP site that the team will congregate – Wireless LAN will be needed in there
  • Incident Ticketing System SOP – Web Version url
  • Step by Step “How To” guides
    • Access Remote VPN
    • Update Telephone Recording to All users
  • Building Entry Approval
    • Access to the COOP Location building is often limited. Protection or other entity would need to approve your entry to the building.
  • Contact Lists
    • Need a full list of all persons who can immediately respond to login issues
    • Primary and backup persons who can unlock blocked PIV cards that are blocked (i.e. Protection has limited number of persons who can do this).
  • Communication Template
    • Activate COOP (Templates)
    • Activation email that contains sample text and instructions including COOP Level
    • Basic Requirements Memo
    • Continuity Requirements by COOP Level (levels explained)
    • Communications Test Matrix (Landline, Phone (SAT & Mobile SAT), FAX)
  • Communication Announcement (via phone) All employee – Go to COOP Site. Go to Normal Location. Sample text should be included

Questions

• Have you written your knowledge documents using plain English as much as possible?
• Does the COOP Site POC have access to documents needed to bring up COOP machines and systems?
• Has your agency designated a COOP Site POC backup with access to documents needed to bring up COOP machines and systems?
• Are your essential employees, contractor and federal, telework ready and have documented telework agreements?
• Do employees have the Remote VPN connection (server name) (documented or available from their Government Furnished Equipment (GFE) to use your designated Disaster Recovery site?
• If government furnished equipment (computer) is at my office can I still access the essential systems from an alternate computer acceptable by your agencies’ security team (home computer)?
• Have you discussed position/role-specific knowledge requirements with your team?
• Are required passwords to log in to systems known or accessible?
• Does my agency offer a Citrix like telework site for employees to access in the event their GFE is not available and using home computers is not acceptable management?
• Are system passwords stored securely and are they accessible from an alternate work space?
• Have you identified the gaps between what the primary system owner knows and what the backup staff needs knows?
• Have you identified ways to capture knowledge that may not be obvious?
• Have you explored the official and unofficial knowledge channels in the organization?
• Have you identified and prioritized areas for knowledge collection?

Resources

• http://federalnewsradio.com/wp-content/uploads/pdfs/fedsources.pdf
• https://www.opm.gov/policy-data-oversight/pandemic-information/work-hiring-arrangements/telework-guidance/telework-emergency-preparedness//

Staff Illness or PTO

Stakeholders

• Agency Heads
• Information Technology (IT) Branch Chiefs
• Field Site Heads
• Protection POC
• Key Personnel (as identified in your COOP Plan)
• Facility Personnel
• Human Capital Directorate (Human Resources)
• Metropolitan Police Department
• Systems operations Personnel (Providers of day-to-day support)
• Telecom Companies (Sprint, AT&T, T-Mobile, Verizon)
• Public
• Information Technology Directorate (Infrastructure, Security, Networks, Database Administrators and backup personnel
• Chief Information Officer
• Employees
• Major Systems Administrators
• System Owners of Key Systems
• Disaster Recovery (DR) Plan POC
• Disaster Recovery Site Personnel
• COOP Site Personnel
• Directorate Heads (i.e. Finance, Human Capital, Manufacturing, Corporate Communication, Assistant Directors
• Recovery Vendors (i.e. off-site storage
• IT Services or Help Desk

Knowledge Arsenal

• Standard Operating Procedures (i.e. system installation guidelines, restore procedures, login procedures that include server names) per system
• Incident Tracking System SOP
• Call Tree (Stakeholder phone numbers (call & SMS), email addresses, work phone & personal (confirm we can this)
• Quick Start Guides per systems
• Network Diagrams per systems
• System Architecture per systems
• Step by Step “How To” guides
• “What I need to know” documents

Questions

• Have you discussed position/role-specific knowledge requirements with your team?
• Are back-up employees assigned for all major systems and are they fully capable of fulfilling the role as well as the primary?
• Are operations support personnel who serve as back-up encouraged to alternate into the primary role on a frequent basis?
• Have you identified the gaps between what the primary support and the back-up support knows and is capable of executing?
• Have you identified and prioritized areas for knowledge collection.
• Have you captured procedures that mimic real-world occurrences in a document so less familiar operations staff can execute them?
• Have you explored the official and unofficial knowledge channels in the organization?
• Have you written you knowledge documents using plain English as much as possible?

Resources

• http://federalnewsradio.com/wp-content/uploads/pdfs/fedsources.pdf
• https://www.opm.gov/policy-data-oversight/pandemic-information/work-hiring-arrangements/telework-guidance/telework-emergency-preparedness//

Work Location Unaccessible

What essential knowledge is needed to support major system access if the primary work location is not accessible (e.g. users are prohibited from accessing the building (road closures, building contamination, mass transit failure)?

Stakeholders

• Agency Heads
• Information Technology (IT) Branch Chiefs
• Field Site Heads
• Protection POC
• Key Personnel (as identified in your COOP Plan)
• Facility Personnel
• Human Capital Directorate (Human Resources)
• Metropolitan Police Department
• Systems operations Personnel (Providers of day-to-day support)
• Telecom Companies (Sprint, AT&T, T-Mobile, Verizon)
• Network Hubs other than internal to the specific agency (i.e. Treasury TIC (Trusted Internet Connection) used by Treasury agencies)
• Information Technology Directorate (Infrastructure, Security, Networks, Database Administrators and backup personnel
• Chief Information Officer
• Employees
• Major Systems Administrators
• System Owners of Key Systems
• Disaster Recovery (DR) Plan POC
• Disaster Recovery Site Personnel
• COOP Site Personnel
• Directorate Heads (i.e. Finance, Human Capital, Manufacturing, Corporate Communication, Assistant Directors
• Public
• Recovery Vendors (i.e. off-site storage
• IT Services or Help Desk

Knowledge Arsenal

• Standard Operating Procedures (i.e. system installation guidelines, restore procedures, login procedures that include server names) per system
• Incident Ticketing System SOP
• Call Tree (Stakeholder phone numbers (call & SMS), email addresses, work phone & personal (confirm we can this)
• Quick Start Guides per systems
• Network Diagrams per systems
• System Architecture per systems
• Step by Step “How To” guides
• Access Remote VPN
• Update Telephone Recording to All users
• “What I need to know” documents
• Prior Recovery Testing Report or incident report (after COOP)
• Disaster Recovery Plan

Questions

• Have you discussed position/role-specific knowledge requirements with your team?
• Are your essential employees, contractor and federal, telework ready?
• Do you know the number of employees that will need to use Remote VPN?
• Do employees know the VPN connection to use for the main/backup sites?
• If government furnished equipment (computer) is at my office can I still access the essential systems from an alternate computer acceptable by your agencies’ security team (home computer)?
• Have you identified and prioritized areas for knowledge collection.
• Do essential employees who are the primary POC for the major application have the documentation needed to support the identified applications?
• Does your Wiki site contain the information needed to support applications?
• Do employees have standard operating procedures in hardcopy form?
• Does my agency offer a Citrix like telework site for employees to access in the event their GFE is not available and using home computers is not acceptable management?
• Have you written you knowledge documents using plain English as much as - possible?
• Are system passwords stored securely and are they accessible from an alternate work space?
• Have you identified the gaps between what the incumbent knows and what - the succeeding staff needs to know?
• Have you identified ways to capture knowledge that may not be obvious (such as decision processes used by incumbent staff)
• Have you explored the official and unofficial knowledge channels in the organization?

Resources

• http://federalnewsradio.com/wp-content/uploads/pdfs/fedsources.pdf
• https://www.opm.gov/policy-data-oversight/pandemic-information/work-hiring-arrangements/telework-guidance/telework-emergency-preparedness//

Examples

• Employees are unable to access the building so they are instructed to work from a remote location.
• Employees do not have their GFE and have been instructed to work from a remote location.
• Employees only have their home personal computers at their disposal.

Appendix

Stakeholders

List of potential COOP Knowledge Management Stakeholders are below:

• Information Technology (IT) Branch Chiefs
• Agency Heads
• Field Site Heads
• Protection POC
• Key Personnel (as identified in your COOP Plan)
• Facility Personnel
• Human Capital Directorate (Human Resources)
• Metropolitan Police Department
• Systems operations Personnel (Providers of day-to-day support)
• Telecom Companies (e.g. Sprint, AT&T, T-Mobile)
• Network Hubs other than internal to the specific agency (i.e. Treasury TIC (Trusted Internet Connection) used by Treasury agencies)
• Information Technology Directorates (Infrastructure, Security, Networks, Database Administrators and backup personnel)
• Chief Information Officer
• Employees
• Major Systems Administrators
• System Owners of Key Systems
• Disaster Recovery (DR) Plan POC
• Disaster Recovery Site Personnel
• COOP Site Personnel
• Directorate Heads (i.e. Finance, Human Capital, Manufacturing, Corporate - Communication, Assistant Directors)
• Public
• Recovery Vendors (i.e. off-site storage)
• IT Services or Help Desk

Documents

• List of potential documents that could be contained in your Knowledge Arsenal are below:
• Business Process Analysis (BPA)
• Business Impact Analysis (BIA)
• Risk analysis (agency-wide)
• Standard Operating Procedures (i.e. system installation guidelines, restore procedures, login procedures that include server names) per system
• Incident Ticketing System SOP
• Call Tree (Stakeholder phone numbers (call & SMS), email addresses, work phone & personal (confirm we can this)
• Quick Start Guides per systems
• Network Diagrams per systems
• System Architecture per systems
• Step by Step “How To” guides
  • Access Remote VPN
  • Update Telephone Recording to All users
• “What I need to know” documents
• Prior Recovery Testing Report or incident report (after COOP)
• Disaster Recovery Plan
• COOP Plan
• COOP Site
  • COOP Onsite Network Diagram – which would include laps, wireless Wide Area Network (WAN) setup. Location address, COOP Exercise Phones and phone numbers – (i.e. 2 phones with extension)
  • COOP Computers (Laptops) — Maintain current laptops, in specially marked cabinet, moveable cabinet, which are always on the internal network so that machines maintain current patches; COOP switch
  • Identify and communicate location within the COOP site that the team will congregate – Wireless LAN will be needed in there
  • Incident Ticketing System SOP – Web Version url
  • Step by Step “How To” guides for accessing
    • Access Remote VPN
    • Update Telephone Recording that All users will receive
  • Building Entry Approval
    • Access to the COOP Location building is often limited. Protection or other entity would need to approve your entry to the building
  • Contact Lists
    • Need a full list of all persons who can immediately respond to login issues
    • Primary and backup persons who can unlock blocked PIV cards a blocked (i.e. Protection has limited number of persons who can do this.
  • Communication Template
    • Activate COOP (Templates)
      • Activation email (Instructions including COOP Level)
      • Basic Requirements Memo
      • Continuity Requirements by COOP Level (levels explained)
      • Communications Test Matrix (Landline, Phone (SAT & Mobile SAT), FAX)
    • Communication Announcement (via phone) All employee – Go to COOP Site. Go to Normal Location