Use a Safety Net

Telework and network access are critical to continuity of operations, IT officials say.

When more than 150 federal information technology decision-makers were asked by Forrester Research Inc. to select their top tech-related themes for 2007, upgrading disaster recovery capabilities ranked the highest. More than 60 percent said it was their most pressing priority, followed by mobility initiatives and upgrading security.

Perhaps the reason is a little thing called Homeland Security Presidential Directive 20-an order circulated last year by President Bush that calls for a comprehensive national policy on the stability of government structures and operations. A mandate for continuity of operations planning, or COOP, followed a string of related regulations aimed at helping agencies bounce back quickly after a terrorist attack, tornado, fire or flood.

HSPD-20 lays out a number of continuity requirements for departments and agencies, including the assurance that vital resources, facilities and records are safeguarded and official access to them is provided. Critical communications capabilities must be made available at alternate sites to ensure connectivity among key government leaders, offices and the public.

To gauge COOP effectiveness, the Government Accountability Office examined eight agencies that took part in a wide-ranging June 2006 exercise that let them put their preparedness plans to work. At the request of House Oversight and Government Reform ranking member Rep. Tom Davis, R-Va., the watchdog agency analyzed materials and conducted interviews and found that planning efforts were lacking.

The Federal Emergency Management Agency, the Homeland Security Department arm responsible for helping agencies develop COOP plans, should have done more, according to GAO's report (GAO-08-185). While FEMA encouraged documentation, it failed to require participating agencies to report their activities during the exercise. Without adequate records of what has been tested, agencies lack assurance that they have prepared for a real emergency situation, GAO says. DHS agreed with the report and promised to refine its assessment program.

Heightened adoption of telework practices could be part of a winning COOP plan, and pending legislation could give agencies the incentive. The bill, sponsored by Rep. Danny K. Davis, D-Ill., would allow authorized federal employees to telework at least 20 percent of the time during a two-week period. The proposal, which awaits action by the Oversight and Government Reform Committee, preceded an Office of Personnel Management report released in December 2007 that showed telework numbers are down.

According to the study, 110,592 employees telecommuted and more than half did so multiple times per week. While telework increased at more than half the 49 agencies studied, about 10,000 fewer workers telecommuted at least one day per month in 2006 than in 2005. The number of agencies that integrated telework into emergency planning grew to 42 percent from 35 percent in 2005.

A March report by IT solutions provider CDW-G showed federal employees' ability to work remotely during a natural or man-made disaster has declined, with 59 percent of workers indicating they could telework during a disruption, down from 75 percent in 2007. In the private sector, continuity of operations capability increased but still trails government. About 46 percent of respondents said they could work during a disruption, up from 33 percent in 2007. The value of telework to continuity of operations is clear, CDW-G's report stated. More than half of federal employees who can continue working during a disruption indicated that they are eligible to telework. In the private sector, the benefit is even more dramatic, with more than 70 percent reporting that their company has a telework program.

"Continuity of operations alone could justify the investment, and improved employee satisfaction is icing on that cake," says Ken Grimsley, CDW-G's vice president of strategic sales. "Still, many businesses remain unprepared for recovery from disruptions or are failing to take advantage of affordable, advanced security technologies that are justifiable even without telework. We have a long way to go."

A sample continuity and disaster preparedness plan is posted on Homeland Security's Web site, Ready.gov. Some pointers:

  • If your primary location is not accessible, determine where you'll be working.
  • Assign a primary crisis manager and a backup if that person is unavailable.
  • Determine what natural and man-made disasters could affect business.
  • Make a list of those who will participate in emergency/crisis planning.
  • Select several people from neighboring offices to assist in emergency/crisis planning.
  • Create a list of critical operations, staff and procedures for recovering from a disaster.

Ready.gov also recommends drafting an evacuation plan that details how many times a year the procedures and warning systems are tested and where to go if leaving the workplace is required. Also, designate a shutdown manager and an all-clear official to let people know when it is safe to return. When it comes to protecting networks and infrastructure, determine how you will protect hardware and software, Ready.gov says. Formulate a plan in the event that computers are destroyed, detailing the location of backup computers and how they would be accessed. Make someone responsible for backing up critical data, including payroll and accounting records, as well as copies of the preparedness plan, site maps and insurance policies.

Andrew Noyes is a reporter for National Journal's CongressDaily.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.