Contact

Continuity Authority serves as a reference provider network for cybersecurity continuity professionals, organizations seeking qualified providers, and researchers mapping the structure of the business continuity and cyber resilience service sector. This page identifies the appropriate channels for submitting provider network inquiries, provider corrections, research-related questions, and scope clarifications. Messages unrelated to the site's defined subject matter — cybersecurity continuity, COOP planning, incident response frameworks, and related professional services — fall outside the editorial scope of this office.

How to reach this office

All correspondence directed to Continuity Authority is handled through the administrative contact infrastructure maintained for this reference property. The site operates within a national cybersecurity reference network and does not maintain a physical walk-in office or telephone reception line.

Provider Network submissions, provider inquiries, and editorial corrections are routed through the site's administrative contact form or designated email channel, both of which are accessible from the site footer. Messages submitted through those channels reach the editorial and provider network management team responsible for maintaining the accuracy of the Continuity Providers index and the reference architecture documented in the page.

Requests for formal partnerships, co-provider arrangements, or syndication of provider network data are handled separately from general editorial inquiries and require a structured submission that identifies the requesting organization, its regulatory context, and the nature of the arrangement sought. Organizations operating under frameworks such as NIST SP 800-53 Rev. 5 or FedRAMP authorization are encouraged to identify that context in all formal correspondence.

Service area covered

Continuity Authority operates at national scope, covering the United States. The provider network indexes providers and professional resources across all 50 states, with particular depth in sectors subject to federal continuity mandates — including financial services regulated under the FFIEC IT Examination Handbook: Business Continuity Management, healthcare entities subject to 45 CFR §164.308(a)(7) HIPAA contingency planning requirements, and federal agencies operating under Federal Continuity Directive 1 (FCD-1) as administered by FEMA.

The provider network does not currently index international providers except where a firm maintains a US-licensed or US-headquartered practice that intersects with domestic regulatory obligations. Coverage boundaries reflect the following classification structure:

1. Federal sector — Agencies and contractors bound by FCD-1, CISA guidance, and NIST SP 800-34 Rev. 1 contingency planning standards.
2. Critical infrastructure — Operators in the 16 sectors designated under Presidential Policy Directive 21 (PPD-21), including energy, financial services, and healthcare.
3. State, local, tribal, and territorial (SLTT) — Entities following FEMA Continuity Guidance Circular requirements or state-level emergency management mandates.
4. Private sector (non-critical-infrastructure) — Commercial organizations with continuity programs aligned to frameworks such as the NIST Cybersecurity Framework (CSF) 2.0 or sector-specific insurance or contractual requirements.

Inquiries falling outside these four classifications are reviewed on a case-by-case basis by automated systems.

What to include in your message

Incomplete submissions delay processing and may result in a request being routed to the wrong editorial queue. The following elements are required for all substantive inquiries:

1. Organization name and type — Legal or operating name of the organization, and whether it is a provider seeking provider, an end-user organization seeking a referral resource, or a researcher or journalist.
2. Regulatory context — The primary framework or statutory obligation relevant to the inquiry (e.g., HIPAA, FedRAMP, FFIEC, FCD-1, NIST CSF). This field is mandatory for provider requests.
3. Subject matter specificity — A description of the continuity domain involved: business continuity planning (BCP), disaster recovery (DR), continuity of operations (COOP), incident response integration, identity and access management continuity, or cloud continuity architecture.
4. Nature of the request — Whether the message concerns a new provider submission, a correction to an existing provider, a scope or eligibility question, or a research/editorial inquiry.
5. Contact information — A verifiable organizational email address. Generic free-provider addresses (Gmail, Yahoo, etc.) are accepted for individual researchers but may result in longer processing times for commercial provider requests.

The distinction between a provider request and an editorial inquiry carries practical consequences: provider requests enter the provider network review process, which applies criteria documented in the page, while editorial inquiries are handled by the content team independently of that queue.

Response expectations

The editorial and provider network management team processes submissions according to the following general timeline structure, which reflects the volume and complexity of the national-scope provider network operation:

• General editorial inquiries — Acknowledged as processing allows; substantive response as processing allows.
• Provider submissions — Initial review acknowledgment as processing allows; full eligibility determination as processing allows of a complete submission.
• Correction requests — Acknowledged as processing allows; corrections to verified factual errors published as processing allows following confirmation.
• Research or data inquiries — Response timelines vary based on scope; requests involving bulk data or structured exports require a formal written request and are subject to editorial discretion.

Submissions that do not include the elements described in the preceding section are not guaranteed a substantive response. The volume of inbound inquiries to a national-scope reference provider network requires triage based on completeness and relevance to the site's defined scope.

No submission to this contact channel constitutes legal, regulatory, or professional advice. Determinations about compliance with frameworks such as NIST SP 800-53, HIPAA Security Rule requirements, or FCD-1 obligations require engagement with a qualified continuity or legal professional, whose credentials and practice areas are documented in the Continuity Providers index.

References

• 45 CFR §164.308(a)(7)
• FFIEC IT Examination Handbook: Business Continuity Management
• FedRAMP
• Federal Continuity Directive 1 (FCD-1)
• NIST Cybersecurity Framework (CSF) 2.0
• NIST SP 800-53