|
Disaster Recovery Contingency Planning and Risk Assessment
The Contractor should provide disaster recovery contingency planning and risk assessment support
including, but not limited to, those software applications, which are processed on various computer
platforms (e.g., personal computers, mainframes, and mini-computers). Establishing Hot/Cold Sites is outside the scope of this RFP. Such support includes, but is not limited to, the capability to:
i. Review and/or develop disaster recovery contingency plans and risk assessments;
ii. Recommend ways to increase the effectiveness of the plans and the continuity of service;
iii. Incorporate disaster recovery and continuity of operations plans as an attachment of the system security plan; and,
iv. Perform quantitative risk analyses of large sensitive systems, generally including the risk
analysis package as an attachment to the system security plan. Such support includes, but is not limited to, the capability to:
-
Identify and value computer/communications network assets;
-
Identify potential threats to those assets and system vulnerability;
-
Assess adequacy of existing management, operational, and technical controls in safeguarding assets against waste, loss, unauthorized access and use, and misappropriation; and,
-
Analyze the consequences/impact of the potential threats resulting in recommendations of safeguards.
v. Determine the specifications required for a Hot/Cold site. The actual establishment of the site is outside the scope of this RFP.
|
