The document outlines key steps in developing an IT contingency plan based on NIST SP 800-34. It emphasizes the importance of creating a contingency planning policy, conducting business impact analyses, and identifying recovery strategies. The process includes monitoring and maintaining critical IT resources and establishing preventive controls.

2. Categorize
Select
Implement
Assess
Authorize
Monitor

4. NIST SP 800-34

7. NIST SP 800-34

8. NIST SP 800-34

9. 1
• Develop the contingency planning policy statement
2
• Conduct the business impact analysis
3
• Identify preventive controls
4
• Develop recovery strategies
5
• Develop an IT contingency plan
6
• Plan testing, training and exercise
7
• Plan maintenance

12. Identify critical IT
resources and
dependencies
Identify
maximum
allowable
downtime
Develop
recovery
strategies &
priorities