CP-1—Contingency Planning Policy And Procedures

PBMM (P1)

Secret (P1)

Operational

>Control Description

(A) The organization develops, documents, and disseminates to ⚙organization-defined personnel or roles: (a) A contingency planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (b) Procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls. (B) The organization reviews and updates the current: (a) Contingency planning policy ⚙organization-defined frequency; and (b) Contingency planning procedures ⚙organization-defined frequency. (AA) The organization develops an audit cycle for the contingency plan program as the basis of regular reporting to TBS.

>Supplemental Guidance

This control is intended to produce the policy and procedures that are required for the effective implementation of selected security controls and control enhancements in the contingency planning family. The contingency planning policy and procedures are consistent with GC legislation and TBS policies, directive, and standards. Existing organizational policies and procedures may make additional specific policies and procedures unnecessary.

The contingency planning policy can be included as part of the general information security policy for the organization. Contingency planning procedures can be developed for the security program in general and for a particular information system, when required. The organizational risk management strategy is a key factor in the development of the contingency planning policy.

>Tailoring Guidance

This security control/enhancement is considered to be best practice. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.

>Profile-Specific Parameters

(A) (B) frequency [at a frequency no longer than annually]

Ask AI

Configure your API key to use AI features.