Contingency management plan

This plan sets out how the Goa Football Development Council (GFDC) will continue to deliver — or rapidly restore — this website in the event of a disruption.

1. Scope

The plan covers disruptions to the public-facing website at gfdc.goa.gov.in, including its underlying server, network, content store and the third-party services it depends on (translation widget, fonts, external portals it links to).

2. Identified risks

  • Hardware or hosting failure
  • Network outage affecting the data centre
  • Software defect introduced by a release
  • Cybersecurity incident (defacement, denial-of-service, data breach)
  • Loss or corruption of the content store
  • Failure of a third-party service the site depends on
  • Natural disasters affecting the hosting facility

3. Preventive measures

  • The site is hosted on infrastructure that meets the standards prescribed by the National Informatics Centre (NIC) and CERT-In
  • Full daily backups of content and code, retained for at least 30 days, with a weekly snapshot retained for 12 months
  • All changes pass through a staging environment before reaching production
  • An annual vulnerability assessment and penetration test is performed by a CERT-In empanelled auditor
  • HTTPS with current TLS protocols is enforced site-wide
  • Operating-system and dependency patches are applied within seven days of release for high-severity issues

4. Detection

Continuous uptime probes from multiple regions raise an alert if the site becomes unreachable. Server access logs are reviewed for unusual error rates. Visitor reports through the feedback form or by email are treated as a detection channel.

5. Response

  1. Acknowledge — the duty engineer acknowledges within the response time defined in the Website Monitoring Plan.
  2. Contain — for security incidents, the affected service is isolated and CERT-In is notified within the legally mandated timeframe.
  3. Communicate — a holding page is displayed at the public URL informing visitors of the disruption and giving an estimate of restoration. Telephone and email contact channels remain available throughout.
  4. Recover — service is restored from the most recent good backup. The Recovery Time Objective (RTO) is 4 hours and the Recovery Point Objective (RPO) is 24 hours.
  5. Review — a written post-incident review is produced within ten working days and corrective actions are tracked to closure.

6. Roles and responsibilities

  • Web Information Manager: Overall accountability for invoking this plan and for citizen communication.
  • System administrator: Executes recovery procedures, coordinates with the hosting provider and applies fixes.
  • Security officer: Leads incident response for any security-related disruption and liaises with CERT-In.

7. Testing the plan

A restoration drill is performed at least once a year. A simulated cyber-incident table-top exercise is held annually. Findings from each exercise are folded back into this plan.

8. Reporting a disruption

If you cannot reach this site or notice that it is behaving abnormally, please call +91 9552502304 or write to contact[at]gfdc[dot]in.

Last reviewed: