Part 10. Security, Privacy and Assurance
Chapter 6. Continuity Operations
Section 1. Overview of Continuity Planning
10.6.1 Overview of Continuity Planning
Manual Transmittal
March 21, 2022
Purpose
(1) This transmits revised IRM 10.6.1, Continuity Operations Program, Overview of Continuity Planning, catalogue number 59988F.
Material Changes
(1) IRM 10.6.1 is revised as follows:
List of Essential Supporting Activities includes General Legal Services for Chief Counsel
(2) Sections added to conform to Publishing requirements.
(3) Editorial changes were made to provide clarity.
Effect on Other Documents
This updates IRM 10.6.1, Continuity Operations Program, Overview of Continuity Planning, dated March 11, 2020, and supports IRMs 10.6.2, 10.6.3, 10.6.4, 10.6.5, and 10.6.6.
Audience
IRM 10.6.1 applies to all Business Unit personnel responsible for continuity planning activities, including, managing day-to-day continuity programs, and developing, exercising, executing and maintaining viable continuity plans and procedures.
Effective Date
(03-21-2022)
Pablo F. Meléndez
Chief, Business Continuity Operations Officer, Deputy Chief of Staff Office C:CoS:DCoS:
IRS Continuity Coordinator
Program Scope and Objectives
(1) Purpose.
Continuity planning includes IRS activities and efforts to document and ensure that the IRS is capable of continuing its Mission Essential Functions (MEFs) and Essential Supporting Activities (ESAs) during a wide range of potential emergencies.
The IRS continuity plans and supporting procedures, when implemented, will provide for the continued performance of IRS essential and other functions under all circumstances.
This manual provides policies and guidance to be used by IRS organizations to carry out their respective roles and responsibilities in continuity planning. It provides guidance for developing viable and executable continuity plans and procedures.
These provisions apply to all Business Units (BUs) within the IRS.
(2) Audience. These procedures apply to IRS employees who are responsible for developing, implementing, and using the Business Unit Continuity Plans including:
Members of SCR Continuity Operations and Field Operations;
Members of Headquarters Continuity Operations (COOP) Teams;
National Continuity Points of Contact (NCPOCs);
Local Continuity Representatives (LCRs).
(3) Policy Owner. The IRS Continuity Coordinator is the Business Continuity Operations Officer of the Deputy Chief of Staff Office of the Commissioner’s Complex.
(4) Program Owner. The Program Manager of Continuity of Operations of the Senior Commissioner’s Representatives within the Deputy Chief of Staff Office.
(5) Stakeholders. All audience listed above plus all other Continuity Planners.
Background
(1) Continuity planning is a good business practice, part of the fundamental mission of IRS as a responsible and reliable public institution. The changing threat environment and recent emergencies, including localized acts of nature, accidents, technological emergencies, and terrorist attack-related incidents, have increased awareness of the need for continuity capabilities and plans that will enable the IRS to continue its MEFs across a broad spectrum of emergencies.
(2) Continuity planning applies to a wide range of potential emergencies or threats, including natural disasters, accidents, technological failures, workplace violence, and terrorism. Some of these hazards may produce emergencies that render a single facility unusable for a period of time, such as a local water main break or hazardous material incident. Others may result in more severe and widespread emergencies such as a major national or regional disaster.
(3) The primary goal of the IRS continuity planning efforts is to ensure the continuation of IRS MEFs and ESAs under all circumstances. This is accomplished through the development of comprehensive plans, procedures, and provisions for alternate facilities, personnel, resources, interoperable communications, and Essential Records.
(4) Continuity planning prepares the IRS for disaster prevention, response, and recovery and for the IRS to maintain viability of its MEFs and ESAs during and following an emergency or continuity event.
Authority
(1) PPD 40, National Continuity Policy, directs the Secretary of Homeland Security through the Administrator of the Federal Emergency Management Agency (FEMA) to coordinate the implementation, execution, and assessment of continuity activities among Federal Executive Branch Departments and Agencies (D/As). Specifically, the Administrator of FEMA is directed to develop and promulgate Federal Continuity Directives to establish continuity program and planning requirements for Federal Executive Branch (D/As).
(2) Federal Continuity Directive 1 (FCD-1) U.S. Department of Homeland Security Federal Emergency Management Agency Federal Continuity Directive 1, dated January 17, 2017, implements the requirement of PPD 40 by establishing the framework, requirements, and processes to support the development of Federal Executive Branch (D/As) continuity programs and by specifying and defining elements of a continuity plan.
(3) Federal Continuity Directive 2 (FCD-2), Federal Executive Branch Mission Essential Function and Primary Mission Essential Function Identification and Submission Process dated June 13, 2017, implements the requirements of FCD-1, annex B (Essential Functions), and provides direction and guidance to Federal Executive Branch (D/As) to assist in validation of Mission Essential Functions (MEFs) and Primary Mission Essential Functions (PMEFs)
(4) These authorities can be found on the FEMA website, and searching for FCD-1 and FCD-2.
Responsibilities
(1) The IRS will implement roles and responsibilities that ensure the continuing performance of its MEFs and ESAs under all circumstances.
(2) The following roles and responsibilities are based on the National Continuity Policy (PPD-40), National Continuity Policy, Homeland Security Presidential Directives, Federal Continuity Directives, and the Department of the Treasury’s (Treasury’s) policies and guidance.
(3) IRS employees are responsible for following guidelines in IRM 10.5.1 Privacy and Information Protection, Privacy Policy to safeguard employee privacy.
(4) Roles and responsibilities are not delegable unless documented as Orders of Succession on a Continuity Registry.
Agency Head
(1) As the Agency Head, the National Continuity Policy assigns the IRS Commissioner responsibilities for overseeing:
The establishment of an IRS Continuity Program;
Continued performance of IRS MEFs and ESAs;
Incorporation of continuity requirements into daily IRS operations;
That IRS has continuity plans for dealing with a national or localized emergency situation and ensuring continued performance of IRS MEFs and ESAs;
Appointment of a senior accountable official as the IRS Continuity Coordinator;
Validation and approval of IRS MEFs and ESAs;
A viable Continuity Multi-Year Strategy and Program Management Plan;
Maintenance of secure continuity communications capabilities;
That IRS MEFs and ESAs interdependencies are coordinated within IRS, at the interagency level, and with private sector partners;
The participation in Treasury’s National Exercise Program;
As required, the submission of Continuity Readiness Reports and other reports, through designated channels (the Readiness Reporting System);
The development of a Continuity Assessment Program to assist in documenting, prioritizing, and resourcing continuity issues during test, training, and exercise, assessments, and emergency operations;
The evaluation of IRS continuity program readiness to ensure the adequacy and capability of its continuity plans and programs;
The promulgation of and dissemination of continuity guidance to all IRS subordinate organizational elements including field offices;
The emphasis of geographic dispersion of leadership, staff, and infrastructure, as appropriate, in order to increase survivability and maintain uninterrupted government functions;
The execution of IRS continuity plans and compliance with the requirements and assigned responsibilities under the Continuity of Government Readiness Condition (COGCON) program;
The participation in testing, as appropriate, to ensure viability of communications systems.
(2) In accordance with the National Continuity Policy, as the Agency Head, the IRS Commissioner will, on an annual basis oversee:
That key IRS leaders and support staff are provided familiarization training of IRS MEFs and ESAs;
The conducting of tests, training, and exercises of the IRS continuity plans, to include continuity personnel and essential IT systems and equipment, in order to evaluate program readiness and ensure adequacy and viability of continuity plans and communications systems.
(3) The above Agency Head responsibilities will be clearly outlined in IRS continuity plans and internal documents.
IRS Business Unit Head of Office
(1) Each IRS Business Unit (BU) Head of Office (Commissioner, Director, or Chief) is responsible for:
Certifying their BU Continuity Plan annually;
Meeting annually with the BU National Continuity Point of Contact (NCPOC) to discuss yearly continuity requirements;
Participating in required Test, Training, and Exercises including Eagle Horizon National Level Exercise.
(2) Each BU Commissioner, Director, or Chief will receive a quarterly dashboard of continuity status.
IRS Continuity Coordinator
(1) The Chief, Business Continuity Operations Officer is the IRS Continuity Coordinator.
(2) The responsibilities of IRS Continuity Coordinator include:
Managing, overseeing, and ensuring the readiness and compliance of the IRS Continuity Program;
Coordinating and managing all activities required for the IRS to perform its MEFs and ESAs during an emergency or other situation that would disrupt normal operations;
Developing the IRS Continuity Program short- and long-term goals and objectives;
Working with the executive leadership of the IRS BUs to complete the IRS MEFs and ESAs identification and analysis process;
Identifying and assisting with resolving issues related to continuity plans development, activation, implementation, and reconstitution;
Assisting with the identification of continuity planning team members;
Acting as liaison between the IRS continuity planning team and executive leadership of the IRS BUs;
Coordinating with IRS BUs on emergency preparedness and response issues;
Ensuring the preparation and maintenance of emergency preparedness and post disaster response and recovery plans;
Preparing and maintaining current rosters of IRS headquarters continuity or emergency response personnel who will assist in disaster operations;
Coordinating appropriate training for continuity or emergency response personnel.
IRS Continuity Program Manager
(1) The IRS Continuity Program Manager represents the IRS to Treasury in all matters of Continuity Preparation and Emergency Response.
(2) The IRS Continuity Program Manager will:
Manage and oversee all IRS Continuity Operations (COOP) Activities;
Serve as IRS Liaison to Treasury’s Office of Emergency Program (OEP);
Represent IRS at Treasury’s Monthly Emergency Planners’ Roundtable Meetings.
(3) The IRS Continuity Program Manager must have a current Secret Security Clearance.
Emergency Response Team
(1) Any member of the Continuity Community (Local Continuity Representatives - LCRs, Incident Management Team - IMT, Senior Commissioner’s Representatives - SCR, or others as necessary) may be considered part of the ERT.
(2) Members of the Emergency Response Team are required to be familiar with and follow guidelines for their roles in support of emergency response.
(3) For more information, see IRM 10.6.4 Incident Management Program and IRM 1.4.12 Resource Guide for Managers, Senior Commissioner’s Representatives Roles in Management of IRS Field and Headquarters.
Senior Management/Executives
(1) The role of the Senior Management Team is to serve as a resource to the Local Continuity Representative during an incident. The team is responsible for providing the LCR logistical, managerial, administrative guidance from a Senior Management Level as a method of assisting the LCRs to represent the BU on the incident management team as needed.
(2) Each member of the Senior Management Team should be well versed in the BU’s continuity plan. The team is required to fully participate with the BU Senior Leadership Tabletop, and any other continuity exercises as applicable. All members of the Senior Management Team members should be listed in the BU HQ COOP Roster or appropriate roster with their name, position, and full contact information. Also, detail instructions should be included regarding activation so the LCRs can successfully implement the Continuity Plan.
(3) The senior management/executive responsible for a BU is responsible for:
Designating BU representatives to occupy the first, second and third positions of the Headquarters COOP Teams (CCCT, AACLT and CST);
Identifying a suitable primary and alternate National Continuity Points of Contact (NCPOCs) who are geographically dispersed and appointed to ensure continuity requirements are met within their respective BU. Appointees must have knowledge of BU operations and an overall high-level acumen enabling them to perform all levels of continuity related tasks;
Identifying and/or approving primary, alternate and geographically dispersed second alternate LCRs to represent their BU on the Incident Management Team (IMT);
Ensuring that IRS continuity policies, guidance, and procedures are implemented and followed;
Managing their organization’s day-to-day continuity programs;
Ensuring they are capable of carrying out their respective MEFs, ESAs, and Business Priorities related to continuity operations, including planning, activation, execution, and reconstitution;
Planning for continuity capabilities;
Ensuring that comprehensive and viable continuity plans are developed, exercised, implemented, and maintained.
(4) All Senior Management/Executive vacancies on the HQCOOP must be filled by the BU (either permanently or with an actor) within 30 days of notification of the vacancy;
(5) The senior management/executive responsible for a BU will, at a minimum:
Identify and prioritize the MEFs and ESAs within their organization;
Identify mission critical data, Essential Records, and systems needed to perform MEFs or ESAs;
Establish critical resource requirements needed to perform each MEF or ESAs;
Identify communications systems needed to support each MEF or ESAs;
Develop recovery or resumption strategies for each identified MEF or ESAs;
Establish a roster of knowledgeable key personnel to serve on continuity operations or recovery teams;
Establish orders of succession to key leadership positions within their organization;
Pre-delegate authorities for making policy determinations and decisions within their organization, as appropriate;
Establish and periodically (at least annually) test the capability to perform their MEFs and ESAs.
(6) The senior management/executive responsible for a BU will ensure that required continuity information is complete and accurate in the appropriate continuity plans and procedures.
Business Unit Continuity Personnel
(1) Each BU Chief or Director shall select a primary and alternate NCPOC who are geographically dispersed.
(2) Each NCPOC working with Business Unit leadership will be responsible for appointing Continuity Planners (CPs) and LCRs.
(3) Each member of any Continuity Team should have sufficient knowledge of personnel and processes to ensure timely completion of responsibilities. Each should also have sufficient authority to be able to represent their BU in all continuity matters.
National Continuity Points of Contact
(1) NCPOCs are appointed by each BU to represent the BU in all areas of Continuity.
(2) Unless an exception is granted by SCR-CO:CO, each BU must have a primary and an alternate NCPOC named as a minimum. Any exceptions will be considered on an individual BU level, and will be based on the size of the BU or lack of geographic dispersion;
(3) All NCPOC vacancies must be filled by the BU within 30 days of notification of the vacancy;
(4) NCPOCs will:
Be the primary point of contact for BU Leadership in ensuring continuation of the MEFs and ESAs should a significant incident occur;
Ensure the BU’s continuity plan is developed and maintained;
Initiate employee accountability during an event that spans multiple SCR areas;
Lead and oversee the applicable continuity test and exercises;
Participate in COOPWG meetings;
Coordinate selection of LCRs and Continuity Planners (CPs) and ensure the swift identification of a replacement for a departing LCR;
Be the BU's conduit with SCR-CO:CO on all COOP matters
Meet with their Business Unit (BU) Commissioner, Director, or Chief annually and provide documentation to SCR-CO:CO;
Meet with newly appointed BU Commissioners, Directors, or Chiefs within 90 days of appointment and provide documentation to SCR-CO:CO.
(5) All NCPOCs must complete training in Integrated Talent Management (ITM), Course 53521 National Continuity Point of Contact (NCPOC) Training, within 30 days of notification of appointment.
Continuity Planners
(1) Continuity planners at all levels have the responsibility of fully understanding their organization and monitoring the direction, guidance, and best practices of the government and private sector in order to develop the most relevant continuity plans.
(2) Continuity planners may:
Serve as continuity coordinators for their respective business, operating, or functional unit;
Work with their BU NCPOCs on continuity activities;
Participate in the business process analysis used to identify IRS MEFs and ESAs;
Represent their unit on continuity committees or working groups, as appropriate.
Local Continuity Representatives
(1) LCRs represent the BU for emergency response and Continuity Purposes.
(2) Each IRS BU must identify a primary, first alternate, and second alternate LCR (one of which must be geographically dispersed) for each Incident Commander’s geographical area where employees are located. The second alternate requirement is waived for BUs with less than 100 employees.
(3) To prevent any potential mishandling or confusion during an emergency LCR selections should not include individuals who perform other roles within an IMT.
(4) All LCR vacancies must be filled by the NCPOC within 30 days of notification of the vacancy;
(5) The primary role of an LCR is to conduct employee accountability. LCRs will also:
Implement the BU’s Continuity Plan;
Activate the recovery teams;
Represent and serve as on-site spokesperson for their BU as members of the Incident Management Team’s Operations Section.
(6) LCRs need to be familiar with processes and operations of their BUs, geographic distribution of the BU employees in their areas, and BU Continuity Plans.
(7) All LCRs must complete training in ITM, Courses 32294 Introduction to Continuity Planning and 29959 LCR Roles and Responsibilities within 30 days of notification of appointment.
Program Manager, Continuity Operations
(1) The Program Manager, Continuity Operations (CO) is designated to be the IRS Continuity Program Manager.
(2) The Program Manager, CO is responsible for developing and maintaining IRS-wide continuity planning and emergency preparedness policy, guidance, and procedures.
(3) The Program Manager, CO will:
Direct the standard of Continuity Readiness of each BU by issuing annual Requirements at the beginning of each fiscal year to each business unit;
Evaluate, as appropriate, the BU’s self-assessments of their Continuity Plans, Test and Exercises conducted, Training, and remediation of Corrective Actions, and any other relevant issues at that time that indicate Continuity Readiness;
Maintain training and certification for all members of the Continuity community;
Certify to Treasury an annual certification which declares that IRS sustains a continuity capability by maintaining the needed continuity plans and by participating in annual continuity exercises (see IRM 10.6.5Annual Certification Requirements).
Program Reports
(1) Test and Exercise Completion Rate (monthly) tracks the completion of scheduled test and exercises by each BU. The goal is 80%.
(2) Test and Exercise Corrective Action (monthly) tracks the timely closing of Corrective Actions resulting from the tests and exercises. The goal is 80%.
(3) COGCON Changes (quarterly) tracks the HQCOOP members response rate for notification of COGCON (Continuity of Government Readiness Condition). The goal is an 80% response rate.
(4) GETS Testing (quarterly) tracks the user test and test success rate of GETS and WPS Cards Servicewide. The goal is 80%.
(5) WPS Testing (quarterly) tracks the user test and test success rate of GETS and WPS Cards Servicewide. The goal is 80%.
(6) Satellite Phone Testing (quarterly) tracks the user test and test success rate of Satellite phones Servicewide. The goal is 80%.
(7) Incident Corrective Action (monthly) tracks the opening and timely closing of Corrective Actions resulting from an incident in which an After Action Report is created. The goal is 80% completed timely.
(8) Training Completion (monthly) tracks the completion of required training in ITM by LCRs and NCPOCs. The goal is 80% completed timely, which is 30 days from appointment.
(9) Continuity Plan Review (monthly) tracks annual updates of the Continuity Plans by the business units. Ten elements are tracked (see IRM 10.6.2 Continuity Plan Requirements). The goal is 80%.
(10) NCPOC and LCR Fill Rate (monthly) tracks how well the BUs keep their continuity positions filled. The goal is 80%.
Terms
(1) The following definitions apply for all IRMs 10.6.1 through 10.6.6:
A |
Activation – When a continuity plan has been implemented whether in whole or in part. |
Agencies – Departments and agency (D/As) are those executive departments enumerated in 5 U.S.C.§ 101 and independent establishments as defined by 5 U.S.C. § 104(1), Government corporations as defined by 5 U.S.C. § 103(1), and the United States Postal Service. D/As, commissions, bureaus, boards, and independent organizations are referred to in this document as "organizations". |
Agency Head –The highest-ranking official of the primary occupant agency or a successor or designee selected by the official. |
Alert – Advance notification that an emergency or disaster situation may occur. |
All-hazards – The spectrum of all types of hazards including accidents, technological events, natural disasters, terrorist attacks, warfare, and chemical, biological including pandemic influenza, radiological, nuclear, or explosive events. |
Alternate Facility – A location, other than the primary facility, used to carry out mission essential functions, particularly during a continuity event. 1) Alternate operating location to be used by business functions when the primary facilities are inaccessible. 2) Another location, computer center or work area designated for recovery. 3) Location, other than the main facility, that can be used to conduct business functions. Also refers to non-traditional options such as working at home, teleworking, and mobile office concepts. |
Alternate Locations – Fixed, mobile, or transportable locations, other than the headquarters facility, where D/A leadership and continuity personnel relocate in order to perform essential functions following activation of the continuity plan. These include locations to which agency leadership may devolve. These locations refer to not only locations sites but also work arrangements such as telework and mobile work. |
B |
Business Continuity – Ability of an organization to ensure continuity of service and support to its customers and to maintain its viability before, after and during an emergency. Also known as Continuity. |
Business Continuity Plan (BCP) – An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity operations through personnel training, plan testing, and maintenance. The IRS BCP contains a suite of plans, Occupant Emergency Plan, Incident Management Plan, Business Resumption Plan, and Disaster Recovery Plan. Also known as Continuity Plan. |
Business Continuity Planning – A process to safeguard the entire enterprise from the effects of a business interruption and ensure business operations continue. Also known as Continuity Planning. |
Business Impact Analysis (BIA) – Process of analyzing individual business functions and the effect that a specific disaster or crisis may have upon them. A BIA identifies the resources required to support these functions. The BIA should quantify the expected financial losses and other business impacts, based upon duration, for each threat and vulnerability faced. A BIA is used to help determine Recovery Point and Time Objectives. |
Business Process Analysis (BPA) – Method of examining, identifying, and mapping the functional processes, workflow, activities, personnel expertise, systems, data, and facilities inherent to the execution of a function or requirement. |
Business Process Priority (BPP) – Category of Government Functions that are important and urgent to accomplish the BU’s mission in support of the MEF, but accomplishing the BPP does not complete the mission or deliver the services the agency was created to accomplish. |
Business Resumption Plan (BRP) – See Continuity Plan. |
C |
Call-Tree – Document that graphically depicts the calling responsibilities and the calling order used to contact management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation. |
Capabilities – A combination of resources that provide the means to achieve a measurable outcome resulting from performance of one or more critical tasks, under specified conditions and performance standards. |
Catastrophic Emergency – Any incident, regardless of location, that results in extraordinary levels of mass casualties, damage, or disruption severely affecting the U.S. population, infrastructure, environment, economy, or government functions. |
Category – Refers to the categories of D/As listed in PPD-40, Annex A. |
Cold Site – A facility that is neither staffed nor operational on a daily basis. Telecommunications, IT equipment, and infrastructure is typically present at the location, however, teams of specialized personnel must be deployed to activate the systems before the site can become operational. Basic infrastructure and environmental controls are present (such as electrical and heating, and ventilation and air conditioning systems), yet systems are not continuously active. |
Command Center – Facility separate from the main facility, equipped with adequate communications equipment from which initial recovery efforts are coordinated. The management team uses this facility to coordinate the recovery process; its use continues until the disaster (crisis) is contained. |
Command, Control, and Coordination – Crisis Management process: Command means the authority for an organization or part of an organization to direct the actions of its own resources (both personnel and equipment). Control means the authority to direct strategic, tactical and operational operations in order to complete an assigned function. This includes the ability to direct the activities of others engaged in the completion of that function, that is, the crisis as a whole or a function within the crisis management process. The control of an assigned function also carries with it the responsibility for the health and safety of those involved. Coordination means the integration of the expertise of all the agencies/roles involved with the objective of effectively and efficiently bringing the crisis to a successful conclusion. |
Communications – Voice, video, and data capabilities that enable leadership and staff to conduct the mission essential functions of the organization. Robust communications help ensure that the leadership receives coordinated, integrated policy and operational advice and recommendations and will provide the ability for governments and the private sector to communicate internally and with other entities (including with other Federal agencies, state, local, territorial, and tribal governments, and the private sector) as necessary to perform their mission essential functions. |
Component – A sub-organization or directorate that supports HQ leadership in the performance of PMEFs and/or MEFs, by performing those MEFs and/or ESAs required to complete a PMEF or NEF. Examples of a component could be an agency, bureau, regional office, district office, and/or a local office. |
Consumable Office Supplies – General supplies that are consumed in office use. |
Contact List –A list of team members and/or key players to be contacted during a disaster (crisis). This list should include the alternates for each primary team member (notification list). |
Contingency Planning – The process of developing plans and procedures that enable an organization to respond to events that could evolve into a prolonged outage. |
Continuity – An uninterrupted ability to provide services and support, while maintaining organizational viability, before, during, and after an event. |
Continuity Advisory Group (CAG) – A sub-continuity policy coordination committee focused on interagency implementation of continuity programs. The CAG is comprised of Continuity Coordinators, or their designees, from Category I, II, III, and IV organizations. Key state and local government representatives from the National Capital Region, and representatives from the legislative and judicial branches are invited to participate in meetings, as appropriate. |
Continuity Capability – The ability of an organization to continue performance of its essential functions, utilizing Continuity of Operations and Continuity of Government programs and continuity requirements that have been integrated into the organization’s day-to-day operations with a primary goal of ensuring the preservation of our form of government under the Constitution and the continuing performance of National Essential Functions under all conditions. Built upon the foundation of continuity planning and continuity program management, the key pillars of a continuity capability are leadership, staff, communications, and facilities. |
Continuity Coordinator – Serves as the agency’s manager of all continuity activities. Has responsibility for developing, coordinating, and managing all activities for the agency to perform its mission essential functions during an emergency or situation that would disrupt normal operations. |
Continuity Event – Event that causes an agency to relocate operations to an alternate site to assure continuance of its mission essential functions. |
Continuity of Government (COG) –A coordinated effort within the Federal Government’s executive branch to ensure that the National Essential Functions continue to be performed during a catastrophic emergency. |
Continuity of Government Readiness Condition (COGCON) – The COGCON is a system for establishing, measuring, and reporting the readiness of executive branch continuity programs, which is independent of other Federal Government readiness systems. |
Continuity of Operations (COOP) – Activities and efforts within individual agencies to ensure that they can continue to perform their MEFs and PMEFs during a wide range of emergencies, including localized acts of nature, accidents, and technological or attack-related emergencies. |
Continuity Manager – The Senior Continuity Planner responsible for managing day-to-day continuity programs, representing his/her D/A on the Continuity Advisory Group and working groups, as appropriate, and reporting to the Continuity Coordinator on all continuity program activities. |
Continuity Personnel – Those personnel, both senior and core, who provide the leadership advice, recommendations, and the functional support necessary to continue mission essential operations. |
Continuity Plan (CP) – An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity operations through personnel training, plan testing, and maintenance. The IRS BCP contains a suite of plans: Occupant Emergency Plan, Incident Management Plan, Business Resumption Plan, and Information Systems Contingency Plan. Also known as Business Continuity Plan (BCP). |
Continuity Plan Maintenance – Steps taken to ensure the continuity plan is reviewed and updated at some predetermined time period and whenever major changes occur. |
Continuity Planning Team – Team that is responsible for continuity planning for the agency. This team requires a good mix of organization professionals and includes members from all levels of management and staff. It also includes members from various divisions of the agency, including those not directly related to the mission, such as human resources. Team members should act as continuity planners or coordinators for their respective functions, elements, or divisions. |
Continuity Program –Program composed of activities and efforts within individual agencies to ensure that their MEFs continue to be performed during a wide range of emergencies, including localized acts of nature, accidents, and technological or attack-related emergencies. These activities and efforts include plans and procedures, under all readiness levels, that delineate essential functions, specify succession to office and emergency delegations of authority, provide for the safekeeping of vital records, identify a range of continuity facilities and locations, provide for interoperable communications, provide for human capital planning, validate these capabilities through tests, training, and exercises, specify a devolution of control and direction, and provide for reconstitution. |
Continuity Program Management Life Cycle – Ongoing, cyclical model of planning, training, evaluating, and implementing corrective actions for continuity capabilities. |
Continuous Operations – Ability of an organization to perform its processes without interruption. |
Corrective Action Program (CAP) – An organized method to document and track improvement actions for a program. |
Crisis – A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization’s profitability, reputation, or ability to operate. |
Crisis Management – The overall coordination of an organization’s response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization’s profitability, reputation, or ability to operate. |
Critical Functions – Business activities that cannot be interrupted or unavailable for a period of time without significantly jeopardizing the operation of the organization. |
Critical Infrastructure – Systems and assets so vital to the Nation that their incapacity or destruction would have a debilitating impact on national security, national economic security, and/or national public health or safety. |
Critical Infrastructure Protection (CIP) – Risk management actions intended to prevent a threat from attempting to or succeeding at destroying or incapacitating critical infrastructures. |
Critical Resources – In the context of continuity planning, the minimum resource requirements needed to perform or restore an agency’s essential functions. Critical resources may include facilities, communication systems, personnel, vital records and databases, vital systems and equipment, and key vendors. |
D |
Damage Assessment – Process of assessing damage to computer hardware, vital records, office facilities, etc. and determining what can be salvaged or restored and what must be replaced following a disaster. |
Deferred Business Priority - Category of Government Function that does not have statutory or regulatory requirements, nor is required for an MEF, and therefore may be reconstituted when resources are available. |
Delegation of Authority – Identification, by position, of the authorities for making policy determinations and decisions at headquarters, field levels, and all other organizational locations. Generally, pre-determined delegations of authority will take effect when normal channels of direction are disrupted and terminate when channels have resumed. |
Devolution –The capability to transfer statutory authority and responsibility for mission essential functions from an agency’s primary operating staff and facilities to other employees and facilities, and to sustain that operational capability for an extended period. |
Devolution of Authority –The passing of an unexercised right, devolution of authority is an essential planning requirement for departments and agencies manifested as a formal list of personnel who are pre-delegated the authority and responsibility to assume leadership of organizational elements within a department or agency with the approval of the department or agency head. |
Devolution Emergency Response Group (DERG) – Personnel stationed at a geographically dispersed location, other than the primary location, who are identified to continue performance of essential functions. |
Disaster (Crisis) – Any event that disrupts an organization's ability to provide essential or critical business functions for duration greater than the length of time predetermined to be acceptable (see Recovery Time Objective). |
Disaster Recovery – The reaction to the interruption of a specific business process, according to a plan that ensures its orderly and timely restoration. |
Disaster Recovery Plan (DRP) –The document that defines the resources, actions, tasks, and information, required to execute the recovery process in the event of a disruption. The plan should be designed to provide a complete framework for restoring support for critical business processes as identified in the BIA within the stated recovery objectives. |
Diversity – Distributed or expanded among various types or forms. For example, communications system route diversity is communications routing between two points over more than one geographic or physical path with no common points. |
Drive-Away Kit – A kit prepared by, and for, an individual who expects to deploy to an alternate location during an emergency. It contains items needed to minimally satisfy personal and professional needs during deployment. |
E |
Emergency – A sudden, unexpected event requiring immediate action due to potential threat to health and safety, environment, or property. |
Emergency Coordinator – The key senior official appointed within an organizational element or higher who serves as the coordinator for all continuity related matters. Same as Continuity Coordinator. |
Emergency Management –The discipline that ensures an organization, or community’s readiness to respond to an emergency in a coordinated, timely, and effective manner. |
Emergency Plan – Documented procedures that direct coordinated actions to be undertaken in response to threats that are typically of limited duration and do not require an organization to activate its continuity plan. Also referred to as Occupant Emergency Plan or Building Closure Plan. |
Emergency Operations Center (EOC) – A site from which response teams/officials provide direction and exercise control in an emergency or disaster. |
Emergency Operating Records – Records and databases that are essential to the continued functioning or reconstitution of IRS during and after a continuity event or emergency. Examples include emergency plans and directives, succession orders, delegations of authority, staffing assignments, and related records of a policy or procedural nature that provide agency continuity personnel with guidance information resources necessary for conducting operations during a continuity situation, and for resuming operations at its conclusion. |
Emergency Preparedness – The capability that enables an organization or community to respond to an emergency in a coordinated, timely, and effective manner to prevent the loss of life and minimize injury and property damage. |
Emergency Relocation Group (ERG) – Pre-designated staff that moves to an alternate location to continue MEFs in the event that their normal work locations are threatened or have been incapacitated by an incident. The ERG is composed of an advance team plus emergency personnel. |
ERG Member –A person assigned responsibility to report to an alternate location, as required, to perform agency essential functions or other continuity operations responsibilities. |
Enduring Constitutional Government (ECG) – A cooperative effort among the executive, legislative, and judicial branches of the Federal Government, coordinated by the President, as a matter of comity with respect to the legislative and judicial branches and with proper respect for the constitutional separation of powers among the branches, to preserve the constitutional framework under which the Nation is governed and the capability of all three branches of government to execute constitutional responsibilities and provide for orderly succession, appropriate transition of leadership, and interoperability and support the National Essential Functions during a catastrophic emergency. |
Escalation – Process by which event related information is communicated upwards through an organization’s established Chain of Command. |
Essential Functions – These are critical activities that are performed by organizations, especially after a disruption of normal activities. There are three categories of essential functions: National Essential Functions (NEFs), Primary Mission Essential Functions (PMEFs), and Mission Essential Functions (MEFs). |
Essential Records (formerly Vital Records) - Records or documents essential to the continued functioning or reconstitution of an organization during and after an emergency and also those records essential to protecting the legal and financial rights of that organization and of the individuals directly affected by its activities. Two basic categories of Essential Records are emergency operating records, and rights and interest records. |
Essential Records Packet – An electronic or hardcopy compilation of key information, instructions, and supporting documentation needed to access Essential Records in an emergency situation. |
Essential Resources – Resources that support the Federal Government’s ability to provide vital services, exercise civil authority, maintain the safety and well being of the general public, and sustain the industrial and economic base. |
Essential Support Activities for the MEF (ESAs) (formerly Critical Business Process CBP) - Essential Functions that must be performed in order to SUPPORT the agency’s performance of its MEFs. Typically, ESAs are COMMON to most agencies (paying staff, providing a secure workplace, ensuring computer systems are operating, etc.), but do not accomplish the agency’s mission. ESAs are facilitating activities; they are important and urgent, but accomplishing the ESA does not complete the mission or deliver the services the agency was created to accomplish. The ESAs in the Service, cover large number of activities including, but not limited to, Payroll, IT operations, Finance and Accounting, and Procurement operations. |
Evacuation – Movement of employees, visitors, and contractors from a site and/or building to a safe place (assembly area) in a controlled and monitored manner at the time of an event. |
Executive Agent –A term used to indicate a delegation of authority by a superior to a subordinate to act on behalf of the superior. An Executive Agent may be limited to providing only administration and support, or coordinating common functions or it may be delegated authority, direction, and control over specified resources for specified purposes. |
Executive Branch Departments and Agencies – Executive departments enumerated in 5 U.S.C.101, along with DHS, independent establishments as defined by 5 U.S.C. 104(1), Government corporations as defined by 5 U.S.C. 103(1). Intelligence agencies as defined by 50 U.S.C. 3003, and the United States Postal Service. These D/As are referred to as "organizations" throughout this FCD. |
Executive/Management Succession Plan – Predetermined plan for ensuring the continuity of authority, decision-making, and communication in the event that key members of executive management unexpectedly become incapacitated. |
Exercise –A people focused activity designed to execute continuity plans and evaluate the individual and/or organization performance against approved standards or objectives. Exercises can be announced or unannounced, and are performed for the purpose of training and conditioning team members, and validating the business continuity plan. Exercise results identify plan gaps and limitations and are used to improve and revise the business continuity plans. Types of exercises include: Table Top Exercise, Simulation Exercise, Operational Exercise, Mock Disaster, Desktop Exercise, and Full Rehearsal. |
F |
Facilities – Locations where an organization’s leadership and staffs operate. Leadership and staff may be co-located in one facility or dispersed across many locations, connected virtually through communications systems. Facilities must be able to provide survivable protection and enable continued and endurable operations. |
Federal Continuity Directive (FCD) – A document developed and promulgated by DHS, in coordination with the Continuity Advisory Group (CAG) and in consultation with the Continuity Policy Coordination Committee (CPCC), which directs executive branch departments and agencies to carry out identified continuity planning requirements and assessment criteria. |
FEMA Operations Center (FOC) – A continuously operating entity of DHS, which is responsible for monitoring emergency operations and promulgating notification of changes of COGCON status. |
Full-Scale Exercise – A multi-agency, multi-jurisdictional, multi-discipline exercise involving functional (e.g., joint field office, emergency operations centers) and "boots on the ground" response (continuity staff relocating to their alternate sites to conduct scenario driven essential functions). |
G |
Geographic Dispersion – The distribution of personnel, functions, facilities, and other resources in physically different locations from one another. |
Go-Kits – Organizational packages of records, information, communication and computer equipment and other items related to emergency operations. They should contain items that are essential to supporting the team member’s operations at the alternate facility. A Family Go Kit is acontainer that contains the basic necessities for survival, such as food and water. |
Government Functions – Collective functions of the heads of executive departments and agencies as defined by statute, regulation, presidential direction, or other legal authority, and the functions of the legislative and judicial branches. |
H |
Headquarters (HQ) – In this FCD, the term "headquarters" refers to the central or head offices for operations of organizations identified in PPD-40, Annex A. |
Homeland Security Exercise and Evaluation Program (HSEEP) – A program that provides a set of guiding principles for exercise programs, as well as a common approach to exercise program management, design, development, conduct, evaluation, and improvement planning. |
Homeland Security Information Bulletins – Guidance for Federal, State, local, and other governments; private sector organizations; and international partners concerned with our Nation’s critical infrastructures that do not meet the timelines, specificity, or significance thresholds of warning messages. Bulletins often include statistical reports, periodic summaries, incident response or reporting guidelines, common vulnerabilities and patches, and configuration standards or tools. |
Homeland Security Threat Advisories – Guidance provided to Federal, State, local, and other governments; private sector organizations; and international partners with actionable information about an incident involving, or a threat targeting, critical national networks, infrastructures, or key assets. The Threat Advisories include products formerly named alerts, advisories, and sector notifications. |
Homeland Security Threat Level System – (Pre 2011 classification for reference) A color-coded system used to communicate with public safety officials and the public at-large through a threat-based, color-coded system so that protective measures can be implemented to reduce the likelihood of impact of an attack. |
Hot Site – Hot Sites are locations that operate 24 hours a day with fully operational equipment and capacity to immediately assume operations upon loss of the primary facility. A Hot Site continuity facility requires on-site telecommunications, information, infrastructure, equipment, back-up data repositories, and personnel required to sustain essential functions. |
Hot Wash –A Hot Wash is a facilitated discussion held immediately following an exercise among exercise players from each functional area. It is designed to capture feedback about any issues, concerns, or proposed improvements players may have about the exercise. The hot wash is an opportunity for players to voice their opinions on the exercise and their own performance. This facilitated meeting allows players to participate in a self-assessment of the exercise play and provides a general assessment of how the jurisdiction performed in the exercise. At this time, evaluators can also seek clarification on certain actions and what prompted players to take them. Evaluators should take notes during the Hot Wash and include these observations in their analysis. The Hot Wash should last no more than 30 minutes. |
I |
Incident Command System (ICS) – ICS is the combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure, with responsibility for the command, control, and coordination of assigned resources to effectively direct and control the response and recovery to an incident. |
Incident Management Plan (IMP) – The IMP is based on the ICS methodology and provides a standard framework for managing a site’s response to any incident. It focuses on the command and control, coordination activities and management of a disruption or incident at any IRS site/facility |
Interagency Agreement (IAA) – A written agreement entered into between two Federal agencies, or major organizational units within an agency, which specifies the goods to be furnished or tasks to be accomplished by one agency (the servicing agency) in support of the other (the requesting agency). |
Interagency Board – A working group established by the NCC to review and recommend potential PMEFs submitted by organizations before they are submitted to the NCC for final approval. |
Interoperability – (1) The ability of systems, personnel, or agencies to provide services to and accept services from other systems, personnel, or agencies and to use the services exchanged to enable them to operate effectively together. (2) The condition achieved among communications-electronic systems or items of communications-electronics equipment when information or services can be exchanged directly and satisfactorily between them and/or their users. |
Interoperable Communications – Communications that provide the capability to perform MEFs, in conjunction with other agencies, under all conditions. |
K |
Key Personnel – Those positions deemed essential by the organization or individuals whose absence would jeopardize the continuation of an organization’s MEFs. |
L |
Leadership – The senior decision-makers designated to head an organization (e.g., President, Governor, Chief Executive, Commissioner, or manager). |
Legal and Financial Rights Records – Vital records essential to protect the legal and financial rights of the government and the individuals directly affected by its activities. Examples include accounts receivable records, social security records, payroll records, retirement records, and insurance records. These records were formerly defined as "rights-and-interests" records. |
Logistical Support Services – Personnel who have the skills and authority to coordinate the provision of resources and services. |
M |
Maximum Tolerable Downtime (MTD) – The maximum amount of time a business can tolerate the outage of a critical business function. The MTD is derived during the Business Impact Analysis and factors in such things as IT systems Recovery Time Objectives, criticality of the business process, peak demand (such as time-of-year/seasonal workload), as well as IRS, Treasury, or other Federal Government policies. All objectives for each essential function must be coordinated for the objectives of all subsidiary and ancillary processes and for all systems supporting the processes. |
Mission Critical Data – Information essential to supporting the execution of an agency’s essential functions. |
Mission Critical Systems – Automated data processing equipment essential to supporting the execution of the agency’s essential functions. |
Mission Essential Functions (MEFs) – Limited set of agency-level functions that must be continued throughout or resumed rapidly after a disruption of normal activities. These are functions that enable an organization to provide vital services, exercise civil authority, maintain the safety of the general public, and sustain the industrial and economic base during disruption of normal operations. Once identified, MEFs serve as key continuity planning factors to determine appropriate staffing, communications, information, facilities, training, and other requirements. |
Multi-Year Strategy and Program Management Plan – A process that ensures the maintenance and continued viability of continuity plans. |
N |
National Capital Region (NCR) – The National Capital Region was created pursuant to the National Capital Planning Act of 1952 (40 U.S.C. 71). The Act defined the NCR as the District of Columbia; Montgomery and Prince George’s Counties of Maryland; Arlington, Fairfax, Loudoun, and Prince William Counties of Virginia; and all cities now or here after existing in Maryland or Virginia within the geographic area bounded by outer boundaries of combined area of said counties. The NCR includes the District of Columbia and eleven local jurisdictions in the State of Maryland and the Commonwealth of Virginia. |
National Communications System (NCS) – An organization within DHS, the NCS assists the President, the National Security Council, the Director of Office of Science & Technology Policy (OSTP), and the Director of the Office of Management and Budget (OMB) in: (1) the exercise of the telecommunications functions and responsibilities; and (2) the coordination of the planning for, and provision of, national security and emergency preparedness communications for the Federal Government under all circumstances, including crisis or emergency, attack, and recovery and reconstitution. |
National Continuity Coordinator (NCC) – The Assistant to the President for Homeland Security and Counterterrorism (APHS/CT). The NCC is responsible for coordinating, without exercising directive authority, the development and implementation of continuity policy for Executive Branch organizations. |
National Continuity Policy – Establishes a comprehensive national course of action for the continuity of Federal Government structures and operations. |
National Essential Functions (NEFs) –The eight functions the President and the Nation’s leadership will focus on to lead and sustain the Nation during a catastrophic emergency. NEFs must be supported through continuity capabilities. (NEFs are a subset of Government Functions). |
National Exercise and Evaluation Program (NEEP) – The National Exercise Program utilizes the NEEP to evaluate homeland security-related exercises and make improvements for the future. |
National Exercise Program (NEP) – The NEP is the Nation’s overarching exercise program formulated by the National Security Council/Homeland Security Council, and executed by the Federal Interagency. The NEP serves as the principal mechanism for examining the preparation of the Federal executive branch and adopting policy changes that might improve such preparation. |
National Incident Management System (NIMS) – The NIMS standard was designed to enhance the ability of the United States to manage domestic incidents by establishing a single, comprehensive system for incident management. It is a system mandated by HSPD-5 that provides a consistent, nationwide approach for Federal, State, local, and tribal governments, the private sector, and non-governmental organizations to work effectively and efficiently together to prepare for, respond to, and recover from domestic incidents, regardless of cause, size, or complexity, including acts of catastrophic terrorism. |
National Preparedness Goal – A requirement of HSPD-8 to define standards for preparedness assessments and strategies, and a system for assessing the Nation’s overall preparedness to respond to major events, especially those involving acts of terrorism. The Goal establishes measurable priorities, targets, and a common approach to developing needed capabilities. The Goal includes seven priorities for national preparedness: two overarching priorities and five priorities to build specific capabilities. |
National Terrorism Advisory System (NTAS) (Formerly the Homeland Security Threat Level System) - Communicates information about terrorist threats to the American public directly and through State and local governments. |
Normal Operations – Refers to the broad functions undertaken by an organization when it is assigned responsibility for a given functional area; these functions include day-to-day tasks, planning, and execution of tasks. |
Notification List – A list of key individuals who are to be contacted, usually in the event of a disaster. Notification lists normally contain phone numbers (including emergency contact information), and addresses, which may be used in the event that telephones are not operating. |
O |
Observers – Observers are not exercise participants; rather, they observe selected segments of the exercise as it unfolds, while remaining separated from player activities. Observers view the exercise from a designated observation area and are asked to remain within the observation area during the exercise. A dedicated group of exercise controllers should be assigned to manage these groups. In a discussion-based exercise, observers may support the development of player responses to the situation during the discussion by delivering messages or citing references. |
Occupant Emergency Plan (OEP) – A plan that establishes procedures for safeguarding lives and property. An OEP focuses on initial response actions to protect the safety of personnel, and consists of site specific evacuation and shelter-in-place procedures. |
Orders of Succession – Provisions for the assumption of senior agency leadership positions during an emergency when the incumbents are unable or unavailable to execute their duties. They allow for an orderly and predefined transition of leadership. |
Organization Head – The highest-ranking official of an organization, or a successor or designee who has been selected by that official in orders of succession. |
Originating Facility –The site of normal day-to-day operations; the location where the employee usually goes to work. |
Other Bureau Priority Essential Functions - (formerly Other Business Priority Functions (ESAs)) - Bureau Priority Essential Functions that are performed in order to meet a BU’s mission.. These are important and urgent, but do not support the MEFs. They orginate from statue of limitations or other legal requirements of the Service. |
P |
Plan – A proposed or intended method of getting from one set of circumstances to another. A plan is often used to move from the present situation towards accomplishing one or more objectives or goals. |
Player – Players have an active role in preventing, responding to, or recovering from the risks and hazards presented in the exercise scenario, by either discussing (in a discussion-based exercise) or performing (in an operations-based exercise) their regular roles and responsibilities. Players initiate actions that will respond to and/or mitigate the simulated emergency. |
Preparedness –The range of deliberate, critical tasks, and activities necessary to build, sustain, and improve the operational capability to prevent, protect against, respond to, and recover from domestic incidents. Preparedness is a continuous process involving efforts at all levels of government and between government and private sector and non-governmental organizations to identify threats, determine vulnerabilities, and identify required resources. It is also the existence of plans, procedures, policies, training, and equipment necessary at the Federal, State, and local level to maximize the ability to prevent, respond to, and recover from major incidents. The term "readiness" is used interchangeably with preparedness. |
Prevention –Actions taken to avoid an incident or to intervene to stop an incident from occurring, and involve actions taken to prevent the loss of lives and/or property. Prevention involves applying intelligence and other information to a range of activities. Prevention also includes activities undertaken by the first responder community during the early stages of an incident to reduce the likelihood or consequences of threatened or actual terrorist attacks. |
Primary Facility –The site of normal day-to-day operations. |
Primary Mission Essential Functions (PMEFs) – Those MEFs that must be continuously performed to support or implement the uninterrupted performance of NEFs. |
Primary Operating Facility – The facility where an organization’s leadership and staff operate on a day-to-day basis. |
Program – A group of related initiatives managed in a coordinated process so as to obtain a level of control and benefits that would not be possible from the individual management of the initiatives. Programs may include elements of related work outside the scope of the discrete initiatives within the Program. |
Program Management – The continuous cycle of planning, training, evaluating, and implementing corrective actions. |
R |
Readiness Reporting System (RRS) – DHS’s program to collect and manage continuity capability data and assessments of executive branch departments and agencies and their status to perform their PMEFs in support of the NEFs. The RRS will be used to conduct assessments and track capabilities at all times and under all conditions, to include natural disasters, man-made incidents, terrorism, and war. |
Reconstitution – The process by which surviving and/or replacement agency personnel resume normal agency operations from the original, or a replacement, primary operating facility. |
Recovery – The implementation of prioritized actions required to return an organization’s processes and support functions to operational stability following an interruption or disaster. |
Recovery Point Objective (RPO) –The point in the data flow to which an organization must recover via backups or other recovery methodologies. This is one of two prime criteria used to determine the strategy required for the recovery of particular information. |
Recovery Time Objective (RTO) – The period of time within which systems, applications, or functions must be recovered after an outage (such as one business day). This is one of two prime criteria for the development of a recovery strategy. This value also represents the maximum duration for an interruption that might be tolerated without recourse to recovery activities. |
Recovery or Resumption Strategy – Pre-determined process or procedures selected by an organization to recover or resume its essential or BPPs or functions immediately following an interruption or disaster. |
Redundancy – The state of having duplicate capabilities, such as systems, equipment, or resources. |
Resilience – The ability to prepare for, and adapt to, changing conditions and recover rapidly from operational disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. |
Response – Focuses on activities that address the short-term, direct effects of an incident. Response includes immediate actions to save lives, protect property, and meet basic human needs. Response also includes the execution of emergency operating plans and procedures, and of incident mitigation activities designed to limit loss of life, personal injury, property damage, and other unfavorable outcomes. |
Rights and Interest Records – Records that are critical to carrying out the agency’s essential legal and financial functions, and records vital to the protection of the legal and financial rights of individuals who are directly affected by the agency’s activities. Included are records having such value that their loss would significantly impair the execution of agency MEFs, to the detriment of the legal or financial rights and/or entitlements of the agency or of the affected individuals. Examples include accounts receivable, contracting and acquisition files, official personnel records, Social Security, payroll records, retirement, insurance records, and property management and inventory records. |
Risk – The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. With respect to continuity, risk may degrade or hinder the performance of essential functions and affect critical assets associated with continuity operations. This definition is from FCD-2 (Primary Mission Essential Functions Identification and Submission Process (fema.gov) |
Risk Analysis –The process by which risks are identified and evaluated. |
Risk Assessment – The identification and assessment of hazards. |
Risk Management – The process used to identify, control, and minimize the impact of uncertain events. Risk management methodologies are sometimes referred to as risk analysis – most require an assessment and understanding of three basic concepts: the consequences of not protecting valuable assets (i.e., people, information, and facilities); the threat environment (as it relates to a particular business or concern); and, the level of vulnerabilities to the relevant threats. This definition is from FCD-2 (Primary Mission Essential Functions Identification and Submission Process (fema.gov) |
S |
Shelter-in-Place –This is a precaution aimed to keep you safe while remaining indoors. Shelter-in-place means selecting an interior room with no or few windows, and taking refuge there. |
Small Agency Council Continuity of Operations Committee (SAC COOPC) – Provides a forum for the development and integration of continuity policies and programs among the Federal Government organizations represented on the Committee. DHS/FEMA provides assistance to the SAC COOPC as requested by the SAC COOPC Chair. |
Staff – Those personnel, both senior and core personnel, that provide the leadership advice, recommendations, and the functional support necessary to continue MEFs. |
Staff Like Access – A contractor employee who has been approved for interim or final staff-like access requires no escort while in an IRS-owned or controlled facility (which includes leased or contracted space). "Access" is the authority granted to employee and contractors that provides opportunity to physically come into contact with (including, but not limited to reading, transporting, and/or transcribing/interpreting) Sensitive but Unclassifified (SBU) information in the performance of official duties; entering an IRS facility without escort; and/or to login into IRS systems with approved credentials. |
Succession – A formal, sequential assumption of a position’s authorities and responsibilities, to the extent not otherwise limited by law, by the holder of another specified position as identified in statute, executive order, or other presidential directive, or by relevant D/A policy, order, or regulation if there is no applicable executive order, other presidential directive, or statute in the event of a vacancy in office or a position holder dies, resigns, or is otherwise unable to perform the functions and duties of that pertinent position. |
Support Function – Business activities or information, which could be interrupted or unavailable indefinitely without significantly jeopardizing critical functions of an organization. |
T |
Tabletop Exercise (TTX) – Involves key personnel discussing simulated scenarios in an informal setting. They can be used to assess plans, policies, and procedures or to assess types of systems needed to guide the prevention of, response to, or recovery from a defined incident. |
Telecommuting Locations –Those locations equipped with computers and telephones that enable employees to work at home or at a location closer to their home than their main office. |
Telework – The ability to work at a location other than the official duty station, using portable computers, high-speed telecommunications links, and mobile communications devices. |
Telework Site – An approved worksite where an employee performs their duties other than the location from which the employee would otherwise work. |
Test – An evaluation of a capability against an established and measurable standard. Tests are conducted to evaluate capabilities, not personnel. |
Test, Training, and Exercises (TT&E) – Measures to ensure that an agency’s continuity plan is capable of supporting the continued execution of its MEFs throughout the duration of continuity event. |
Trusted Agent –Trusted agents are the individuals on the exercise planning team who are trusted not to reveal the scenarios details to players prior to the exercise being conducted. |
V |
Virtual offices – A location or environment where an employee performs work through the use of portable information technology and communication packages. |
Vital Databases – Information systems needed to support essential functions during a continuity situation or event. |
Vital Records – See Essential Records |
W |
Warm Site – Locations that have a minimum acceptable level of infrastructure in-place, and also possess the IT and telecommunications equipment to become operational as soon as possible, but not later than 12 hours after continuity activation. In order to become active, a Warm Site requires additional personnel, equipment, supplies, software, or customization. Warm Sites generally possess the resources necessary to sustain critical mission/business processes, but lack the capacity to activate all systems or components. |
Weapons of Mass Destruction (WMD) – Weapons that are capable of a high order of destruction and/or of being used in such a manner as to destroy large numbers of people. Weapons of mass destruction can be high explosives or nuclear, biological, chemical, and radiological weapons. |
Work-at-Home – When an employee carries out their work duties at their residence rather than their official duty station. |
Acronyms
(1) The following acronyms apply for all IRMs 10.6.1 through 10.6.6:
BCP | Business Continuity Plan |
BIA | Business Impact Assessment |
BPA | Business Process Analysis |
BPP | Business Process Priority |
BRP | Business Resumption Plan |
CAP | Corrective Action Program |
CIP | Critical Infrastructure Protection |
COG | Continuity of Government |
COGCON | Continuity of Government Readiness Condition |
COOP | Continuity of Operations |
DBP | Deferred Business Priority |
DRP | Disaster Recovery Plan |
EOC | Emergency Operating Center |
ECG | Enduring Constitutional Government |
ERG | Emergency Relocation Group |
ESA | Essential Supporting Activity |
FEMA | Federal Emergency Management Agency |
FOC | FEMA Operations Center |
HSAS | Homeland Security Advisory System |
HSPD | Homeland Security Presidential Directive |
ICS | Incident Command System |
IT | Information Technology |
IMP | Incident Management Plan |
MEF | Mission Essential Function |
NCR | National Capital Region |
NCS | National Communications System |
NEEP | National Exercise and Evaluation Program |
NEF | National Essential Function |
NEP | National Exercise Program |
NIMS | National Incident Management System |
NRP | National Response Plan |
NSPD | National Security Presidential Directive |
OEP | Occupant Emergency Plan |
PMEF | Primary Mission Essential Function |
RRS | Readiness Reporting System |
RPO | Recovery Point Objective |
RTO | Recovery Time Objective |
TT&E | Test, Training & Exercise |
TTX | Tabletop Exercise |
WMD | Weapon of Mass Destruction |
Related Resources
(1) The following resources apply for all IRMs 10.6.1 through 10.6.6:
Continuity of Government Functions
(1) Essential functions are those functions that enable the Federal Government to provide vital services, exercise civil authority, maintain the safety of the public, and sustain the industrial and economic base during an emergency. Essential functions are described as the limited set of agency-level government functions that must be continued throughout or resumed rapidly after a disruption of normal activities.
(2) The four categories of essential functions are:
National Essential Functions (National Level);
Primary Mission Essential Functions (Cabinet or Department Level);
Mission Essential Functions (Agency Primary Responsibilities);
Essential Support Activities (Agency Level Activities required to support MEF).
(3) Two categories of other functions are:
Business Process Priorities (BPPs) (Agency Specific Activities);
Deferred Business Priorities (DBPs) (Agency Specific Activities).
Federal Government Continuity Requirements
(1) National Essential Functions (NEFs) represent the overarching responsibilities of the Federal Government to lead and sustain the Nation and are the primary focus of the Federal Government leadership during and in the aftermath of a continuity event. The IRS is not responsible for any NEFs.
1. | Ensuring the continued functioning of our form of government under the Constitution, including the functioning of the three separate branches of government. [This NEF includes department and agency functions that respect the roles and maintain the check and balance relationship among all three branches of Federal government.] |
2. | Providing leadership visible to the Nation and the world and maintaining the trust and confidence of the American people. [This NEF includes department and agency functions to demonstrate that the Federal government is viable, functioning, and effectively addressing any emergency.] |
3. | Defending the Constitution of the United States against all enemies, foreign and domestic, and preventing or interdicting attacks against the United States or its people, property, or interests. [This NEF includes department and agency functions to protect and defend the worldwide interests of the United States against foreign or domestic enemies, to honor security agreements and treaties with allies, implement Presidential directed military operations, maintain military readiness, and preparedness to achieve national objectives.] |
4. | Maintaining and fostering effective relationships with foreign nations. [This NEF includes department and agency functions to maintain American foreign policy.] |
5. | Protecting against threats to the homeland and bringing to justice perpetrators of crimes or attacks against the United States or its people, property, or interests. [This NEF includes department and agency functions to protect against, prevent, or interdict attacks on the people or interests of the nation and to identify, neutralize, and prosecute those who have committed or intend to commit violations of the law.] |
6. | Providing rapid and effective response to and recovery from the domestic consequences of an attack or other incident. [This NEF includes department and agency functions to implement response and recovery plans, including, but not limited to, the implementation of the National Response Plan.] |
7. | Protecting and stabilizing the Nation's economy and ensuring public confidence in its financial systems. [This NEF includes department and agency functions to respond to and recover from the economic consequences of an attack or other major impact on national or international economic functions or activities.] |
8. | Providing for critical Federal Government services that address the national health, safety, and welfare needs of the United States. [This NEF includes department and agency functions that ensure that the critical federal level health, safety, and welfare services of the nation are provided during an emergency]. |
Treasury Continuity Requirements
(1) Primary Mission Essential Functions (PMEFs) are collections of similar agency MEFs, validated by the National Continuity Coordinator, which must be performed in order to directly support the performance of the NEFs before, during, and in the aftermath of a continuity event. PMEFs are defined as those functions that need to be continuous or resumed within 12 hours after an event and maintained for up to 30 days or until normal operations can be resumed. The IRS has no PMEFs. Treasury's PMEFs are:
1. | Manage government finances - Office of Domestic Finance. |
2. | Use financial measures to counter national security threats - Under Secretary for Terrorism, Finance, and Intelligence |
3. | Safeguard the Nation's financial sector infrastructure - Office of Domestic Finance |
4. | Promote international financial stability - Under Secretary for Internal Affairs |
IRS Continuity Tiers
(1) The IRS has three Tiers of Continuity of Government Functions:
MEFs and ESAs;
BPPs;
DPBs.
(2) The IRS will validate these functions every three years. These functions serve as key continuity planning factors to determine appropriate staffing, communications, information, facilities, training, and other continuity requirements.
(3) When validating the processes, the IRS will:
Determine which IRS functions must be continued under all circumstances;
Prioritize these processes based on criticality of the function. To the extent possible, prioritize these processes against likely continuity operations triggers and scenarios;
Establish staffing, resource requirements, and any other supporting activities needed to perform these functions;
Identify equipment, including IT hardware and telecommunications hardware needed to perform these functions;
Identify mission critical data (Essential Records) and IT systems necessary;
Determine consumable office supplies needed;
Integrate supporting activities;
Defer functions not deemed BPPs until additional personnel and resources become available.
(4) Maximum Tolerable Downtimes (MTDs) for each function need to be addressed. MTD refers primarily to the Business Process. Recovery Time Objectives (RTOs), and Recovery Point Objectives (RPOs) are related and refer to the associated systems. These must not conflict. They are to be determined based on criticality; on seasonality and any other cyclical demand; and on IRS, Treasury, or other Federal Government policy. All objectives for each essential function must be coordinated for the objectives of all subsidiary and ancillary processes, and for all systems supporting the processes.
(5) The IRS will be capable of sustaining its functions for a period up to 30 days or until normal business activities can be resumed.
(6) The lists of resources required to perform the IRS functions will be reviewed annually and updated as necessary.
Tier 1: Mission Essential Functions
(1) MEFs are directly related to accomplishing the mission of the organization–providing the goods and services to the Nation that the agency was established in the first place to produce. Generally, a MEF is unique to the agency–most other agencies do not perform this function. MEFs are those functions the agency performs to provide vital services, exercise civil authority, maintain the health and safety of the general public, and sustain the economic/industrial base during a disruption of normal operations.
(2) These must be operational within 12 hours.
(3) The IRS has three MEFs. These are Processing Tax Remittances, Processing Tax Returns, and Processing Tax Refunds.
1. | Process Tax Remittances - Process of receiving payments, fees and other monies through submission processing and includes the deposit of funds along with all necessary accompanying payment data to Treasury. |
2. | Process Tax Returns - Process that includes the receipt, sorting, coding, and archiving of all tax returns (electronic and paper). (For Paper submissions it includes: receipt, extract and batch/sort, code/edit, and capture, as well as archiving and managing the paper files. For Electronic return data it includes: validate, accept/reject, and receipt acknowledgement). |
3. | Process Tax Refunds - Process of performing the final calculations and verifications to settle the account including disposition based information, exception reports, posting offsets, and sending refund information for issuance. |
Tier 1a: Essential Supporting Activities for the MEF
(1) ESAs for the MEFs are the Essential Functions that must be performed in order to support the agency’s performance of its MEFs. Typically, ESAs are common to most agencies (paying staff, providing a secure workplace, ensuring computer systems are operating, etc.), but do not accomplish the agency’s mission. ESAs are facilitating activities; they are important and urgent, but accomplishing an ESA does not complete the mission or deliver the services the agency was created to accomplish.
(2) These must be operational quickly to support the recovery of the MEF. The specific time will be determined for each process.
(3) The IRS has eight Essential Supporting Activities:
1. | Physical Security |
2. | Facilities Management |
3. | Information Technology |
4. | General Legal Services/Chief Counsel |
5. | Financial Management |
6. | Procurement |
7. | Communications |
8. | Payroll |
9. | Human Resources/Benefits |
Tier 2: Business Process Priorities
(1) BPPs are important and urgent to accomplish the BUs’ mission in support of the MEF, but accomplishing the BPP does not complete the mission or deliver the services the agency was created to accomplish.
(2) These functions are usually recovered by relocation.
(3) The IRS has six BPPs.
1. | Taxpayer Assistance - Process of providing information to and communications with taxpayers. This includes live assistance and response to notices and taxpayer queries. |
2. | Advocate Fair Taxpayer Treatment - Process by which taxpayer rights and tax laws are applied with integrity and fairness to all taxpayers in their association with the agency. |
3. | Perform Compliance Activities - Process of providing tax payment arrangements and compromises to assist taxpayers in meeting their tax obligations and securing delinquent returns. Includes tax enforcement actions, case processing and debt collections. |
4. | Perform Litigation - Process to address all litigation and technical tax activities (i.e., publish guidance, advance case resolution, general legal services, and providing legal advice) performed by Counsel to ensure compliance of tax law, including the conduct of tax litigation in the appropriate court system. |
5. | Provide Appeals Process - Process that includes all activities of providing hazards assessment of positions in dispute and resolving such disputes on a basis which is fair and impartial to both the government and taxpayer. |
6. | Online Services - Processes to ensure delivery of digital solutions to taxpayers at all stages of the tax process |
Tier 3: Deferred Business Processes
(1) DBPs are all other Business Processes of the IRS, which while important to maintaining an efficient and effective tax processing system, either do not have either statutory or regulatory deadlines -OR- are not directly in support of one of the MEFs.
(2) DBPs are discretionary functions that can be deferred until after an emergency situation has been stabilized.
(3) DBPs are usually addressed with either shipment of the work to an alternate location, or resumption, when possible.
(4) Each BU should prioritize functions and locations, and understand that resumption of the DBPs may not occur simultaneously after an event.
Continuity Planning Objectives
(1) Federal Continuity Directive 1 (FCD-1) outlines the objectives of a continuity plan for all Federal agencies. These objectives have been implemented by the IRS and include:
Ensuring the safety of IRS personnel and visitors;
Ensuring the IRS can continue to perform its MEFs and ESAs including conducting activities from an alternate location, if necessary;
Reducing the loss of life and minimizing property damage and loss;
Executing, as required, successful succession to office with accompanying delegation of authorities in the event a disruption renders IRS leadership unable, unavailable, or incapable of assuming and performing their duties and responsibilities;
Reducing or mitigating disruptions to IRS operations;
Ensuring that IRS has facilities available where it can continue to perform its MEFs during a continuity event or emergency;
Protecting essential facilities, Essential Records, equipment, and other assets in the event of a disruption;
Achieving a timely and orderly recovery and reconstitution from a continuity event or emergency;
Ensuring and validating IRS continuity readiness through an integrated continuity test, training, and exercise program to support the implementation of the IRS continuity plans.
(2) IRS continuity planning will be based on the assumption that there will be no warning of potential emergencies or incidents, using a worst-case scenario (the inaccessibility or unavailability of an IRS facility and all of its contents).
(3) The primary purpose of the Continuity Plan is to ensure recovery of the MEFs and ESAs. Other processes (BPPs and DBPs) should be addressed but may not need all Continuity Plan sections. Specific guidance on BPPs and DBPs will be provided by SCR-CO:CO.
General Policy
(1) In accordance with, and in support of, the National Continuity Policy, the IRS will have in place a comprehensive and effective Continuity Program to ensure the continuity of IRS MEFs and ESAs under all circumstances across the spectrum of threats, including localized acts of nature, accidents, and technological or attack-related emergencies.
(2) The IRS Continuity Program is implemented through its related continuity plans and procedures and its continuity test, training, exercise and operational capability to support these plans and procedures.
(3) The IRS Continuity Program will address geographic dispersion, risk management, security, and readiness and preparedness:
The IRS will incorporate geographic dispersion of its leadership, data storage, personnel, and other capabilities into its normal daily operations, as appropriate. Geographic dispersion of the IRS normal daily operations can significantly enhance IRS resilience and reduce the risk of losing the capability to perform IRS MEFs and ESAs;
The IRS will apply risk management principles to ensure that appropriate operational readiness decisions are based on the probability of an attack or other incident and its consequences;
The IRS will integrate its security strategies that address personnel, physical, and information security to protect personnel, facilities, plans, and capabilities, to prevent adversaries from disrupting IRS continuity plans and operations;
The IRS leadership will ensure that the IRS, through normal procedures or with a continuity plan, can perform its MEFs and ESAs before, during, and after an incident.
(4) The performance of IRS MEFs and ESAs in an emergency or continuity event will be the basis for continuity planning, preparation, and execution.
(5) The IRS will develop and maintain continuity plans and procedures and implement test, training, exercise, and assessment programs that ensure continuity under all conditions.
(6) The IRS continuity plans will be responsive and executable with or without warning.
(7) The IRS will have in place a viable continuity capability to ensure continued performance of IRS MEFs and ESAs from alternate operating sites during any emergency or situation that may disrupt normal operations.
(8) To ensure effective continuity capabilities, the IRS will maintain a multiyear strategy and a program management plan with objectives and metrics set forth in that plan.
(9) In accordance with the National Continuity Policy, the IRS will use metrics to measure its ability to meet its continuity requirements. The IRS will use the list of continuity requirements, key questions, and metrics guidance specified in IRM 10.6.2 IRM Continuity Plan Requirements to certify to Treasury that it has a strong continuity capability as required in IRM 10.6.5Annual Certification Requirements.
Continuity Requirements
(1) The IRS must be capable of continuing the performance of its MEFs and ESAs during any emergency for a period up to 30 days or until normal operations can be resumed.
(2) The IRS must have the capability to be fully operational at its continuity facilities as soon as possible after the occurrence of an emergency, but not later than 12 hours after continuity operations activation.
(3) The IRS mus have succession orders and pre-planned delegations of authority to ensure there is an orderly and predefined transition of leadership and delegation of authority within IRS during any emergency must be planned and documented in accordance with applicable laws.
(4) The IRS must safeguard its vital resources, facilities, and records, and provide official access to them.
(5) The IRS must make provisions for acquisition of the staff and resources necessary for continuity operations on an emergency basis.
(6) The IRS must make provisions for the availability and redundancy of critical communications capabilities at continuity sites in order to support connectivity between and among key government leadership, IRS organizational elements, other executive departments and agencies, critical partners, and the public.
(7) The IRS must make provisions for reconstitution capabilities that allow for recovery from a catastrophic emergency and resumption of normal operations.
(8) The IRS must make provisions for the identification, training, and preparedness of IRS personnel capable of relocating to continuity facilities to support the continuation of the performance of IRS MEFs and ESAs.
(9) The IRS will incorporate these continuity requirements into its daily operations to ensure a seamless and immediate continuation of the capabilities of MEFs and ESAs.
Orders of Succession
(1) Orders of succession are provisions for the assumption of senior IRS leadership positions during an emergency when the incumbents are unable or unavailable to perform their authorized duties, roles, and responsibilities. Orders of succession allow an orderly and predefined transition of leadership.
(2) The IRS will provide for a clear line of succession in the absence of existing IRS leadership and the necessary delegations of authority to ensure that the succeeding leadership has the legal authorities to carry out their duties and responsibilities. The IRS leadership is responsible for establishing, promulgating, and maintaining orders of succession to key positions.
(3) Every BU must have a listing of Orders of Succession for BU leadership. Orders of Succession will:
Establish an order of succession for the position of agency head, the IRS Commissioner;
Establish orders of succession for other key IRS leadership positions, including, but not limited to administrators, regional or field directors, key managers, other key mission essential personnel or their equivalent positions (Deputy Commissioners, heads of IRS BUs; directors of computing centers, submission processing sites, and campuses, etc.). Orders of Succession should also be established for devolution counterparts in these positions;
Be listed in an appropriate IRM for that BU;
Be listed in the BU Continuity Plan.
(4) Orders of Succession will be of sufficient depth to ensure that IRS is able to perform its MEFs. At a minimum an Order of Succession will:
Identify any limitations of authority based on delegations of authority to others;
Describe orders of succession by positions or titles, rather than by names of individuals holding those offices;
Note: If there are any questions regarding legal sufficiency, IRS General Legal Services can provide assistance.
Revise, as necessary, and distribute revised versions promptly as changes occur;
Establish the procedures that designated alternates are to follow when facing the issues of succession to office in emergency situations;
Include in the succession procedures the conditions under which succession will take place, method of notification, and time, geographical, or organizational limitations of authorities granted by the Orders of Succession;
Include a duties and responsibilities briefing to the designated successors to the position of agency head (IRS Commissioner), when named, and other key IRS leadership positions, on their responsibilities as successors and on any provisions for their relocation.
(5) Designated successors will be provided annual refresher briefings on IRS continuity preparations.
(6) Orders of Succession will be included in the Essential Records and be available at all continuity facilities in the event the continuity plan is activated.
(7) See IRM 1.2.2.2 IRM Servicewide Policies and Authorities, Delegations of Authority for Organization, Finance and Management Activities for further information and requirements for approval.
Emergency Delegations of Authority
(1) An emergency Delegation of Authority identifies who is authorized to act on behalf of the agency head or other agency officials for specified purposes and ensures that designated individuals have the legal authorities to carry out their duties. To the extent possible, these emergency authorities should be identified by title or position, and not by the individual office holder’s name.
(2) The IRS will pre-delegate authorities for making policy determinations and other decisions to ensure rapid response to any emergency situation requiring implementation of its continuity plans.
(3) Generally, predetermined emergency delegations of authority will take effect when normal channels of direction are disrupted and will terminate when these channels are reestablished. Delegation of Authority is an essential part of IRS continuity plans and should reach to a sufficient depth and have sufficient breadth—at least three positions deep and geographically dispersed where feasible to ensure the IRS can perform its MEFs while remaining a viable part of the Federal Government during the course of any emergency.
(4) An emergency Delegation of Authority must document, in advance, the legal authority of officials (including those below the level of IRS Commissioner) to make key policy decisions during a continuity situation.
(5) To ensure IRS essential functions are performed, emergency Delegations of Authority must be planned and documented in advance of an incident and in accordance with applicable laws, including by:
Delineating the limits of authority and accountability;
Outlining explicitly in a statement, the authority (including any exceptions to that authority) of an official so designated to exercise IRS direction, and the authority of an official to re-delegate functions and activities, as appropriate;
Defining the circumstances under which Delegation of Authorities would take effect and would be terminated.
(6) Emergency Delegations of Authority must ensure that those officials who might be expected to assume authorities in a continuity situation are properly informed and trained to carry out their emergency responsibilities.
(7) Delegations of Authority must ensure the orderly (and predefined) transition of leadership, for the position of IRS Commissioner as well as for key supporting positions within IRS, during an emergency and be closely tied to succession.
(8) Delegations of Authority will be included in the Essential Records and be available at all continuity facilities in the event the continuity plan is activated.
(9) Every BU must have a listing of Delegations of Authority for business unit leadership.
Other Plans in the Business Continuity Planning Suite
(1) Occupant Emergency Plan (OEP):
OEPs are the first set of documents to be used in the event of any disruption or emergency. They are specific to each building;
OEPs are maintained by Facilities Management and Security Services (FMSS) and requirements are covered in IRM 10.2.9Occupant Emergency Planning.
(2) Incident Management Plan (IMP):
The IMP is a single set of documents maintained by SCR-CO:CO for use by Incident Commanders and others involved in any incident management or response;
This plan details general steps to respond to any incident as well as resumption of operation;
This is detailed in IRM 10.6.4Incident Management Program.
(3) Information System Contingency Plan (ISCP):
The ISCP is the plan for IT systems resumption and continuity. It contains specific steps for the restoration of service when any IT system or application is non-functional, as well as steps needed for activation of backup systems and data;
IRM 10.8.60IT Service Continuity Management (ITSCM) Policy and Guidance and IRM 10.8.62Information System Contingency Plan (ISCP) and Disaster Recovery (DR) Test, Training, and Exercise TT&E Process list requirements for the ISCP.
Internal Cross Functional Continuity Groups
(1) Continuity Operations Working Group (COOPWG) is comprised of SCR-CO:CO, and theBUs’ NCPOCs and alternates. The COOPWG meets 11 times a year.
(2) Continuity Operations Executive Steering Committee (COOPESC) is comprised of SCR-CO:CO, and the Directors or their designees from each BU. The COOPESC meets as needed.
Summary of Oversight Agencies Roles
(1) Treasury Operations: Safety, Health, and Emergency Management:
Set any needed additional Treasury standards to those described in FCD-1 and 2;
Maintain standing and ad hoc committees and boards as necessary;
Receive Annual Certification (see IRM 10.6.5Annual Certification Requirements).
(2) Treasury Inspector General for Tax Administration:
Audits to address state of IRS' readiness for response and recovery;
Participates as appropriate in training, test, and exercises;
Conducts post-incident audit and evaluation.
(3) DHS/FEMA sets standards for Readiness and Continuity.
(4) United States Congress may receive (at their request) post-incident reports.
(5) Government Accountability Office may audit and validate processes and costs related to any incident and recovery.