Radians

Implementing and Maturing Business Continuity Program (BCP) for State Department

Business Problem

The State Department is facing a critical challenge in ensuring the resilience and continuity of its operations amidst potential disruptions. With the increasing reliance on information technology and the ever-evolving threat landscape, the State Department is required to meet the stringent compliance requirements set by the Statewide Information Management Manual (SIMM) 5325B, as mandated by the California Department of Technology (CDT). However, the department currently lacks a comprehensive understanding of its vulnerabilities, the potential impacts of disruptions on its critical business processes, and the effectiveness of its recovery strategies.

The absence of a robust Business Continuity Plan (BCP), a thorough Gap Analysis, an in-depth Risk Assessment, and a detailed Business Impact Analysis (BIA) leaves the department exposed to significant risks. These risks include the inability to sustain business operations effectively, failure to meet compliance requirements, and potential financial and reputational damage.

To address this business problem, the State Department seeks to engage a specialized contractor to develop and implement a BCP, conduct a Gap Analysis Report, develop a Risk Assessment Report, and create a BIA Report. The goal is to identify and mitigate vulnerabilities, enhance the continuity of critical business processes, and ensure compliance with SIMM 5325B standards. This will enable the department to better prepare for, respond to, and recover from disruptions, thereby minimizing business impacts and sustaining effective operations.

Proposed Solution

Radian Solutions proposed a phased approach to implementing the BCP program and maturing it over time.

Phase I

The proposed solution offered by Radian Solutions for the State Department includes the following key components:

  • Business Continuity Plan (BCP): Develop and submit a BCP that includes designs, strategies, and plans for reducing known vulnerabilities, providing IT service recommendations to improve service availability, and recommendations for developing business continuity plans to improve the continuity of critical business processes.
  • Gap Analysis Report: Conduct, develop, and submit a Gap Analysis Report that identifies gaps in the existing controls and organizational structure to prioritize the development of the State Department’s security objectives.
  • Risk Assessment Report: Develop and submit a Risk Assessment Report by gathering and analyzing data to assess the effectiveness of existing information security and privacy posture, identify critical business processes and impacts from vulnerabilities and disruptions, evaluate the current IT service recovery capabilities, and develop a risk remediation strategy plan.
  • Business Impact Analysis (BIA) Report: Develop and submit a BIA Report by evaluating and assessing current business operations to determine standards-based RTOs for critical processes, align IT services to meet the RTOs, and reduce potential vulnerabilities and impacts from interruptions. The BIA Report should include a summary of activities, initial findings, business continuity plan and analysis, standard-based recommendations, and guidelines for developing incident response management systems and training programs.
  • Executive Presentation: Provide an executive presentation summarizing the entire engagement, including data gathering, summaries of each required deliverable, recommendations, and mitigation plans. The presentation should include risk analysis, RPO and RTO analysis, BIA qualitative and quantitative analysis, and a summary of gap analysis.

Phase II

  • BCP SharePoint Site Creation: Built a BCP SharePoint site for the State Department to manage its BCP program. Created subportals for each project and/or business unit. Created a site design to automate data collection tasks, storing all critical information within the SharePoint portal.
  • Historical BCP data and documents: Consolidated and uploaded all relevant historical BCP data and documents to the BCP SharePoint portal.

Phase III

The proposed solution offered by Radian Solutions for the State Department to enhance its Business Continuity Plan (BCP) program includes the following key components:

  • BCP Data Collection Process Improvement: Build upon Phase II improvements to further automate and enhance the data collection process from projects. This includes providing additional training, fine-tuning communication strategies, automating the BCP document update process, improving vendor and partner management, and ensuring completion of the SIMM-5325B checklist for all projects.
  • BCP SharePoint Site Improvements: Build upon the BCP SharePoint Site created during Phase II by improving site design and management, using technical features to automate data collection tasks, adding additional features and links, and updating project data as needed.
  • Self-Services Features: Offered a self-service feature to enable each project and business unit to update its BCP data, including points of contact, IT systems, RPO and RTO data, and any relevant BCP documentation.
  • Create Additional Policies and Procedures: Work with relevant divisions and projects to create new policies and procedures to fulfill requirements from CalOES and CDT, including procedures for employee dismissal, data backup and restoration, and inter-agency exercising of Continuity plans.
  • Update Document Submission Process: Review and improve the BCP document submission process, including automating the document package creation process, reviewing the ISO’s document review and approval process, and improving the submission process for executive review and approval as well as submission to CalOES and CDT.
  • Conduct a Hands-On Disaster Recovery Technology Exercise: Develop and conduct a hands-on exercise to test BIA outcomes, identify areas of improvement, and provide training opportunities for state staff. Create a long-term technical exercise plan for deepening DR exercise testing.
  • Conduct a Tabletop Exercise: Provide vision, strategy, and methodology to deliver a tabletop exercise that builds on lessons learned from previous exercises. This includes creating a mission and goal statement, defining a scenario, creating participant handouts, facilitating the exercise, and documenting a post-event summary.
  • Apply New CDT Templates: Work with CalOES and CDT subject matter experts to improve the program based on feedback and lessons learned from the Phase II regulatory compliance submission. Apply feedback and ideas toward the Phase III data gathering and submission process.
  • Knowledge Transfer and Training: Provide guidance to State staff on Disaster Recovery best practices, conduct knowledge transfer sessions with OSI BCP program participants and staff, and document residual tasks for future BCP process improvement and SharePoint site improvements.

Phase IV

  • Improve & Automate Data Collection Process: Build upon Phase III improvements by identifying opportunities to further enhance and automate the data collection process. This includes providing additional training to projects on updating their BCP documents, fine-tuning communication strategies, automating the data collection process, and automating the BCP documents update process where possible. Radian Solutions worked closely with business units and projects to complete manual updates that cannot be automated. The completion of the SIMM-5325B checklist with all projects and business units was a key accomplishment.
  • Update & Add New BCP Data and Documents: Build upon the BCP SharePoint Site created during Phase III, with improvements such as enhancing site design and management, using technical features to automate data collection tasks, adding additional features and links as needed, and updating BCP SharePoint project data. Furthermore, Radian Solutions worked with relevant divisions to create new policies as needed, fulfilling requirements from CalOES and CDT, including procedures for employee dismissal, closure of facilities, backup and retention schedules, data backup and restoration, and inter-agency continuity plan exercises.
  • Mature Self-Services Features: Radian Solutions aims to enhance the maturity of self-services features, making the BCP process more efficient, automated, and aligned with the evolving needs of the BCP program. Additionally, Radian Solutions will include knowledge transfer and training sessions to guide State staff on managing their data updates and data submission tasks.

Benefits & Impact

Implementing and maturing a BCP program for the State Department offered several benefits:

Self-Service Features for Divisions and Projects:

  • Empowerment: Enables divisions and projects to independently update their BCP documents, increasing ownership and accountability.
  • Efficiency: Streamlines the process of updating BCP data, reducing the time and effort required for updates.
  • Accuracy: Minimizes the risk of errors by allowing those most familiar with the projects to input and update data directly.

BCP Data Updates Automation:

  • Time Savings: Automates repetitive tasks involved in updating BCP documents, freeing up valuable time for more strategic activities.
  • Consistency: Ensures that updates are applied uniformly across all documents, maintaining consistency in BCP data.
  • Real-time Updates: Facilitates real-time data updates, ensuring that BCP documents are always current and accurate.

Simplify Annual SIMM 5325B Process:

  • Streamlined Compliance: Simplifies the process of completing the SIMM 5325B checklist, making it easier to comply with regulatory requirements.

Overall, these features and improvements contribute to a more efficient, effective, and user-friendly BCP process. They empower divisions and projects to take greater control over their BCP data, automate routine tasks to save time and reduce errors, and simplify compliance with annual regulatory requirements, ultimately enhancing the organization’s resilience and preparedness for potential disruptions.