Alternate Processing Site

Alternate processing sites are geographically distinct from primary processing sites and provide processing capability if the primary processing site is not available. The alternate processing capability may be addressed using a physical processing site or other alternatives, such as failover to a cloud-based service provider or other internally or externally provided processing service. Geographically distributed architectures that support contingency requirements may also be considered alternate processing sites. Controls that are covered by alternate processing site agreements include the environmental conditions at alternate sites, access rules, physical and environmental protection requirements, and the coordination for the transfer and assignment of personnel. Requirements are allocated to alternate processing sites that reflect the requirements in contingency plans to maintain essential mission and business functions despite disruption, compromise, or failure in organizational systems.

an alternate processing site, including necessary agreements to permit the transfer and resumption of system operations for essential mission and business functions, is established within time period when the primary processing capabilities are unavailable; the equipment and supplies required to transfer operations are made available at the alternate processing site or if contracts are in place to support delivery to the site within time period for transfer; the equipment and supplies required to resume operations are made available at the alternate processing site or if contracts are in place to support delivery to the site within time period for resumption; controls provided at the alternate processing site are equivalent to those at the primary site.