{"id":1165,"date":"2024-07-17T16:23:15","date_gmt":"2024-07-17T16:23:15","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1165"},"modified":"2025-02-12T18:14:45","modified_gmt":"2025-02-12T18:14:45","slug":"cp-1-contingency-planning-policy-and-procedures","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/contingency-planning-cp\/cp-1-contingency-planning-policy-and-procedures\/","title":{"rendered":"CP-1: Contingency Planning \u2013 Policy and Procedures"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CP-1: Contingency Planning \u2013 Policy and Procedures<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>02\/12\/2025<\/h2>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Purpose &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The Contingency Planning Policy and associated controls describe the requirements for written plans to minimize the effects of a disaster and either maintain or quickly resume mission-critical information technology functions.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Scope and Roles &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>This policy applies to information resources owned or managed by Tarleton State University (Tarleton). The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Compliance &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Contingency plans for information resources are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a> and Texas A&amp;M University System (TAMUS) <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\">Regulation 29.01.03, Information Security<\/a>.&nbsp; Information resource contingency plans are a component of the Tarleton Business Continuity Plan, which is a component of the Texas A&amp;M University System Offices Business Continuity Plan which is required by <a href=\"https:\/\/policies.tamus.edu\/34-07-02.pdf\">TAMUS Regulation 34.07.02, Business Continuity Plans<\/a>, and Texas Labor Code <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/LA\/htm\/LA.412.htm#412.054\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7412.054<\/a>.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Implementation &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Tarleton CISO, in coordination with information resource owners, shall develop, document, and disseminate to units a policy and set of controls that addresses the Contingency Planning Policy for information resources. These controls and policy should:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and&nbsp;<\/li>\n\n\n\n<li>Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Information resource owners and custodians are responsible for any procedures to facilitate the implementation of the Contingency Planning Policy and associated controls;&nbsp;&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>The Contingency Planning Policy and procedures should align with the <a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/12\/34_07_01_t0_01.pdf\">Tarleton Emergency Operations Plan<\/a> and Tarleton Business Continuity Plan as required by Texas A&amp;M University System (TAMUS) <a href=\"https:\/\/policies.tamus.edu\/34-07-01.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 34.07.01, Emergency Operations Plans<\/a>, and <a href=\"https:\/\/policies.tamus.edu\/34-07-02.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">TAMUS Regulation 34.07.02, Business Continuity Plans,<\/a> respectively;&nbsp;<\/li>\n\n\n\n<li>The CISO, or their designee, shall review and update the Contingency Planning Policy controls as necessary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=24#:~:text=%C2%A0%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.24 (a)(2)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74#:~:text=%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.74 (a)(2)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/LA\/htm\/LA.412.htm#412.054:~:text=Sec.%20412.054.%20%20CONTINUITY%20OF%20OPERATIONS%20PLAN.\" target=\"_blank\" rel=\"noreferrer noopener\">Section 412.054, Labor Code<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/34-07-02.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">TAMUS Regulation 34.07.02<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/12\/34_07_01_t0_01.pdf\">Tarleton SAP 34.07.01.T0.01<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CP-1: Contingency Planning \u2013 Policy and Procedures NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: \u00a002\/12\/2025 Purpose &#8211;&nbsp;&nbsp; The Contingency Planning Policy and associated controls describe the requirements for &#8230;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1394,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1165","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 1 year ago"},"absolute_dates":{"created":"Posted on July 17, 2024","modified":"Updated on February 12, 2025"},"absolute_dates_time":{"created":"Posted on July 17, 2024 4:23 pm","modified":"Updated on February 12, 2025 6:14 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1165"}],"version-history":[{"count":2,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1165\/revisions"}],"predecessor-version":[{"id":2647,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1165\/revisions\/2647"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}