saush02,
That is a very common question that I have experienced when deploying CA PAM. The answer really depends on the enterprise's security requirements. Some of the sites that I have worked with have created master accounts for each of their primary systems (LDAP, TACACS, Linux, SQL...) and set these accounts up in PAM with Password View Policies that do not rotate the account; then they have had a designated 'Trusted Agent' print or copy these accounts and passwords and store them in a security envelope in a safe or sufficiently secured area that meets enterprise security requirements.
Others have used the Credentials Management command line tools (Reference the CA-PAM_CM_Implementation_Guide-v2.pdf) to export specific accounts on a regular basis and save them, while keeping the password expiration implemented and updating their break glass accounts according to the credential rotation schedule. This is really something that needs to be discussed internally within the organization.
Proper deployment and management of PAM can help reduce outages with cluster replication, and true redundant systems for management (i.e. power, infrastructure, alternate site, etc.).
v/r
David