New resource aims to help organizations with service continuity management

Published: Wednesday, 10 April 2019 07:46

Carnegie Mellon University’s Software Engineering Institute (SEI) has published a new Technical Note to assist organizations that have conducted its Cyber Resilience Review to use the results to develop a service continuity management (SCM) plan.

The SEI’s CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the US Department of Homeland Security in 2011. Since then, hundreds of CRRs conducted across numerous critical infrastructure sectors have yielded exhaustive reports. These reports can provide overwhelming detail of resilience options for consideration; numerous references to best practices, regulations, and standards; and one common question: “OK, now what?”

The CERT Division answers that question in the new technical note: ‘A Targeted Improvement Plan for Service Continuity’. This publication provides a template for addressing service continuity management and explains how to use CRR results to prioritize SCM-specific and supporting practices. The template employs an SCM improvement profile to develop a long-term plan for protecting and sustaining critical, cyber-dependent services during times of stress.

The technical note describes a method for using the included template and results from a CRR to develop a targeted improvement plan tailored to an organization’s own priorities. The organization can identify and prioritize practices that will most improve its service continuity management activities and its overall cyber resilience. The template ranks each of the 167 practices based on the premise that limited resources demand tough choices. The practices are not ranked according to importance—they are all important - but rather according to a suggested order grouped into implementation phases.

Download the technical note at