Contingency Plan

February 11, 2015

in Contingency Plan

Contingency planning is a process that establishes procedures and actions designed to protect some form of operational status of a system or organization. Since there can be many different forms of operational status of many different kinds of systems and organizations, there are also many different forms of Contingency plans.

Most contingency plans are focused on either preventing disruption from extreme circumstances or quickly recovering from some disruption. Common forms of contingency plans include:

  • Continuity of operations or functions
  • Protection of critical infrastructure or information
  • Emergency evacuation or survival
  • Crisis communications
  • Incident response
  • Disaster recovery

It is less common to use contingency planning for positive events than for negative events. However, it also possible to create forms of contingency plans that prepare to handle positive events, such as:

  • Continuity of growth
  • Expansion
  • Surplus management
  • Knowledge management
  • Process improvement and self improvement
  • Optimizing “Flow” state and seeking serendipity

Most contingency plans are likely to have several of these plan forms, either mixed together into a single plan or as separate elements of a large contingency plan.

Analyzing how an event can impact a system or organization helps to identify what kind or kinds of plans are needed. This involves defining the components that are involved, the functions that they serve and any interdependencies. Priorities must be set and timeframe requirements established for any actions that are needed. Resources that will be needed must be identified and their availability included in the plan.

Contingency plans identify preventative measures that can protect against negative events and proactive measures that can maximize the outcome of positive events. These measures are called “controls” because they attempt to create some level of control over risk factors. For negative events, controls often include alternative and backup resources to replace those lost in a crisis situation. For positive events, controls can include alternative processes and adjustments designed to take advantage of the potential of a positive event.

Making a Contingency Plan
NIST Computer Security

Previous post:

Next post: