Low Impact System Contingency Plan of Karl Healthcare Organization

Low Impact System Contingency Plan Template
Project Karl
Security Categorization: Low
Karl Healthcare Organization
Information System Contingency Plan (ISCP)
Version 2
June 13, 2023
Prepared by
Karl Healthcare Organization
123 Main Street
Pasadena, California, 90210
TABLE OF CONTENTS
Plan Approval…………………………………………………….………..….……….……A.1-3
1. Introduction ………………………………………………….……..……….…….……..A.1-4
1.1 Background………..………………………………………….………………..A.1-4
1.2 Scope……..………..…………………………..…….……….……….………..A.1-4
1.3 Assumptions..…….………………………..….……………….……….……...A.1-4
2. Concept of Operations ………………………….……..…………………………..……A.1-5
2.1 System Description………………....……………………………………..…..A.1-5
2.2 Overview of Three Phases..…………………………………………………..A.1-5
2.3 Roles and Responsibilities…….…......……………………………………....A.1-5
3. Activation and Notification………………....………………………..………….……..A.1-6
3.1 Activation Criteria and Procedure ...………………………..………………..A.1-6
3.2 Notification…………………...………………………………..………………..A.1-6
3.3 Outage Assessment…………....…......……………………..………………..A.1-6
4. Recovery……………………….……………....…………………………………………..A.1-7
4.1 Sequence of Recovery Activities ....……………………………..…………..A.1-7
4.2 Recovery Procedures ……...………………………………………..………..A.1-8
4.3 Recovery Escalation Notices/Awareness..……………………………..……A.1-8
5. Reconstitution..……………….……………....………………….………………..……..A.1-8
5.1 Validation Data Testing………...…………………….…….….………….…..A.1-8
5.2 Validation Functionality Testing…........…………….……..…………….…...A.1-8
5.3 Recovery Declaration…………........………………….………………….…..A.1-8
5.4 Notification (users)…. ……...………………………….………………….…..A.1-8
5.5 Cleanup ...……………………...…......……………….………………….……A.1-8
5.6 Data Backup………………...………………………….…………………..…..A.1-8
5.7 Event Documentation…………..…......……………….………………….…..A.1-9
5.8 Deactivation……………………..…......……………….………………….…..A.1-9
References 1.         Introduction

Information systems are vital to Karl Healthcare Organization’s mission/business processes; therefore, it is critical that services provided by Karl Healthcare System are able to operate effectively without excessive interruption.  This Information System Contingency Plan (ISCP) establishes comprehensive procedures to recover Karl Healthcare System quickly and effectively following a service disruption.  1.1       Background This Karl Healthcare System ISCP establishes procedures to recover Karl Healthcare System following a disruption.  The following recovery plan objectives have been established:

• Maximize the effectiveness of contingency operations through an established plan that consists of the following phases:
  • Activation and Notification phase to activate the plan and determine the extent of damage;
  • Recovery phase to restore Karl Healthcare System operations; and
  • Reconstitution phase to ensure that Karl Healthcare System is validated through testing and that normal operations are resumed.
• Identify the activities, resources, and procedures to carry out Karl Healthcare System processing requirements during prolonged interruptions to normal operations.
• Assign responsibilities to designated Karl Healthcare Organization personnel and provide guidance for recovering Karl Healthcare System during prolonged periods of interruption to normal operations.
• Ensure coordination with other personnel responsible for Karl Healthcare Organization contingency planning strategies.  Ensure coordination with external points of contact and vendors associated with Karl Healthcare System and execution of this plan.

  1.2       Scope This ISCP has been developed for Karl Healthcare System, which is classified as a low-impact system, in accordance with Federal Information Processing Standards (FIPS) 199 – Standards for Security Categorization of Federal Information and Information Systems.  Procedures in this ISCP are for Low- Impact systems and designed to recover Karl Healthcare System within 24 hours. This plan does not address replacement or purchase of new equipment, short-term disruptions lasting less than 24 hours; or loss of data at the onsite facility or at the user-desktop levels.  As Karl Healthcare System is a low-impact system, alternate data storage and alternate site processing are not required.   1.3       Assumptions  The following assumptions were used when developing this ISCP:

• Karl Healthcare System has been established as a low-impact system, in accordance with FIPS 199.
• Alternate processing sites and offsite storage are not required for this system.

• The Karl Healthcare System is inoperable and cannot be recovered within 24 hours
• Key Karl Healthcare System personnel have been identified and trained in their emergency response and recovery roles; they are available to activate the Karl Healthcare System Contingency Plan.

 

The Karl Healthcare System ISCP does not apply to the following situations:

• Overall recovery and continuity of mission/business operations.  The Business Continuity Plan (BCP) and Continuity of Operations Plan (COOP) address continuity of mission/business operations.
• Emergency evacuation of personnel.  The Occupant Emergency Plan (OEP) addresses employee evacuation.
• Regulatory compliance. The ISCP will adhere to any laws and regulations while carrying out recovery
• Appropriate training: staff will be adequately trained to ensure they are highly skilled when it comes to implementing the plan.

  2.         Concept of Operations The Concept of Operations section provides details about Karl Healthcare System an overview of the three phases of the ISCP (Activation and Notification, Recovery, and Reconstitution), and a description of roles and responsibilities of Karl Healthcare Organization’s personnel during a contingency activation.   2.1       System Description  The Karl Healthcare system is an information system that comprises of an integrated health information system. The system integrates functions such as billing, processing payments and keeping patient records. The system is such that there is a centrally located server. There are also some other virtualized servers that help serve different departments of the healthcare organization. Authentic users can access the system through providing valid login credentials. Some of the external players include healthcare service providers such as those offering complex laboratory services. There are backup procedures to ensure that data integrity is maintained at all times. 2.2       Overview of Three Phases This ISCP has been developed to recover and reconstitute the Karl Healthcare System using a three-phased approach.  This approach ensures that system recovery and reconstitution efforts are...