OKDHS:2-45-11. Continuity of operations regulations
(a) Regulations. Each Oklahoma Department of Human Services (OKDHS) office or facility must develop an emergency operating plan that is followed in the event of tornado, fire, bomb threat, hostage situation, or other emergency.
- (1) developed by each office or facility to accommodate the needs of the office or facility;
- (2) formatted according to the document template and structure provided by the Information Security Office (ISO);
- (3) submitted to ISO for approval;
- (4) posted at the office or facility, with a copy maintained by ISO;
- (5) made available upon request;
- (6) updated and submitted annually to ISO for review; and
- (7) discussed with local staff by local management a minimum of twice each calendar year to ensure awareness of the plan and plan activities.
(c) Definitions. The following words and terms, when used in this Subchapter, shall have the following meaning, unless the context clearly indicates otherwise:
- (1) "Emergency operating plan" means the written plan and procedures established to protect staff and visitors of an office or facility in the event of a natural or man-made disaster or emergency.
- (2) "Response" means providing services to reduce casualties and damage and speed recovery during and after an emergency. Response activities include:
- (A) warning;
- (B) evacuation;
- (C) rescue; and
- (D) business recovery and resumption.
(d) Effective. OKDHS continuity of operations regulations remain in effect until officially superseded or cancelled by the ISO. No OKDHS division may create a policy that supersedes continuity of operations regulations or the Information Security Program requirements.
(e) Emergency operating plan. The ISO requirements for the emergency operating plan submitted by each office or facility include the items in (1) through (7).
- (1) Emergency notification and contact list, including:
- (A) primary and alternate contacts and phone numbers for responsible staff;
- (B) local emergency contacts and phone numbers;
- (C) OKDHS Incident Command System phone number, 1-800-789-0752; and
- (D) OKDHS direct management contact information, including Office of Communications and area and division management.
- (2) Emergency incident procedures for separate evacuation and sheltering in-place plans, including:
- (A) posted evacuation routes;
- (B) procedures for and locations of assembly areas;
- (C) responsibilities for floor and staff monitors;
- (D) procedures for accounting for staff;
- (E) procedures to determine all clear; and
- (F) designation of an alternate site(s) for operations, which requires local planning for use of another facility in the event the primary facility is damaged.
- (3) Bomb threat procedures, including:
- (A) checklist for the person receiving the call, in accordance with instructions provided on Form 23RS121E, Bomb Threat Aid;
- (B) response and reporting procedures, in accordance with paragraph (1) of this Section; and
- (C) evacuation procedures, in accordance with paragraph (2) of this Section, with the addition of procedures listed in (i) through (iii) of this subparagraph. Staff must:
- (i) visually inspect their work areas and report any unfamiliar or suspicious objects;
- (ii) not move or touch any suspicious item or object; and
- (iii) leave the area when directed.
- (4) Vulnerable clients list, including:
- (A) contact information for vulnerable client;
- (B) physical address of vulnerable client; and
- (C) methods to contact the vulnerable client.
- (5) Vital records list, including:
- (A) type and location of paper vital records that are onsite;
- (B) copies of vital records for backups; and
- (C) system and method for re-creating vital records from other documents.
- (6) Warning system. The warning system used by the office or facility to notify staff and visitors of procedures for outside evacuation, sheltering in-place, and all clear is:
- (A) described in the emergency operating plan; and
- (B) tested according to ISO requirements. Any deficiency in the warning system is corrected immediately upon discovery.
- (7) Special assistance procedures, including:
- (A) list of staff and clients who require special assistance during an evacuation; and
- (B) designation of OKDHS staff to direct special assistance procedures for persons not familiar with the evacuation process.
(f) Business recovery and resumption. The ISO provides assistance at the time of an emergency to develop business recovery and resumption action plans with short-term and long-term scopes.
- (1) The local office provides the needed resources to develop and implement business recovery and resumption action plans. Planning sessions are led by ISO or designee.
- (2) The local office maintains and submits to ISO required logs, journals, and history of the incident, according to the schedules provided by ISO.
- (3) The ISO or designee, within established time frames, conducts a review of the incident and reports the action plans, results, and impacts to the chief information officer and chief administrative officer.
- (4) When deviation from the action plan is required, the local office consults ISO for approval.