1. SAM
  2. TOC
  3. 5300
  4. 5325-1

TECHNOLOGY RECOVERY PLAN - 5325.1

(Revised: 10/2025)

 

Introduction: 

As a sub-set of a state agency or entity’s Continuity Plan, the Technology Recovery Plan (TRP) is activated immediately after a significant disruption or disaster and focuses on priority recovery and restoration of systems, services, and data supporting mission and business essential functions identified as part of a Business Impact Analysis (BIA).

Policy: 

 Each state agency or entity must develop a TRP in support of the state agency or entity’s BIA, Continuity Plan, and the business need to protect information assets to ensure their availability following a significant disruption or disaster. Each state agency or entity must keep its BIA, Continuity Plan, and TRP documentation up to date and comply with the following requirements, in accordance with SIMM 5330-C Information Security Compliance Reporting Schedule.

  1. Each state agency or entity must annually file a copy of the following:
    1. SIMM 5325-B Technology Recovery Program Compliance Certification.
    2. SIMM 5325-A compliant TRP with supporting materials including:
      1. California Office of Emergency Services (CalOES) Continuity Program Assessment Tool (CPAT) Submittal Confirmation Report to confirm Business Continuity Plan submission.
      2. An enterprise-wide BIA for all business processes and critical infrastructure, supporting systems, and their dependencies to include:
        1. SIMM 5325-B IT System(s) Inventory category labels and details:
          1. Critical system labels: state critical, mission critical, public facing, and critical infrastructure control systems.
          2. Non-critical system label: other IT systems.
  2. If the state agency or entity contracts for services, it must work with the provider and document TRP coordination procedures. This includes, but is not limited to, any state or non-state service provider delivering infrastructure, platform, software, storage, or monitoring as a service to another state agency or entity.

  3. Each state agency or entity TRP must cover, at a minimum, the sections which are listed and described in SIMM 5325-A, Technology Recovery Plan Instructions. If the TRP does not follow the format in SIMM 5325-A, the Technology Recovery Plan Cross Reference Tool located in SIMM 5325-B, must be included with the update to indicate where required information is located within the TRP.

  4. The TRP must outline a planned approach to managing risks to the state agency or entity’s mission, including risk and potential impact to processes and their underpinning technology systems and services. The TRP must be derived from the state agency or entity’s BIA and Continuity Plan. Instructions for preparing the TRP are described in SIMM 5325-A.

  5. All state agencies or entities must individually meet SAM 5325, Continuity Planning with Technology Recovery requirements to ensure recovery and restoration of their mission and business essential functions in a timely manner.

Note: CalOES’ CPAT and continuity planning requirements are available at: https://www.caloes.ca.gov/office-of-the-director/operations/planning-preparedness-prevention/planning-preparedness/continuity-planning

Implementation Controls: NIST SP 800-34; NIST SP 800-53: Contingency Planning (CP), NIST IR 8286D; NIST CSF 2.0 IDENTIFY (ID), PROTECT (PR), RESPOND (RS), RECOVER (RC); SAM 5325; SIMM 5325-A; SIMM 5325-B; SIMM 5300-C; SAM 5300.4; SIMM 5330-C;  Executive Order S-04-06

 

Revisions

Search Entire Manual

Print Entire SAM Manual

Please bear with us, generating the entire SAM for printing will take approximately two minutes.