Making a Contingency Plan

February 11, 2015

in Contingency Plan

SEE PREVIOUS ARTICLE: Contingency Plan

The previous article described the basic idea of Contingency Planning and the many different types of contingency plans. This article continues with a description of how to develop a solid contingency plan and what needs to be included in it. As explained in the previous article, it’s important to remember that while most contingency plans address how to handle negative events, they can also be designed to handle positive events.

When a contingency plan is completed, it should contain the following:
CONTINGENCY PLAN ELEMENTS

  • SUPPORTING INFORMATION – that includes background information, definition of scope and any assumptions, a description of the area/process addressed by the plan and resources that are involved, any roles and responsibilities required by the plan
  • OVERVIEW OF PLAN PHASES
    • Activate/Notify – assess the situation, activate the plan, notify contacts
    • Adjust – priority and sequence list, adjustment procedures, maintain/resume/create critical functions
    • Restore – resume normal operations, validate status, perform cleanup, notify contacts
    • Learn and Improve – document, analyze, improve plan
  • PLAN APPENDICES – communications and contact list, notification scheme, impact analysis process, adjustment procedures and checklists, functional testing and validation procedures, inventory lists, backup resources

The main point of contingency planning, for both negative and positive events is to retain resilience in the face of both crisis/catastrophe and success/good fortune. Resilience is the ability to quickly adapt to change. For negative events, the objective is to prevent or offset the potential to disrupt operations. For positive events, the objective is to maximize the gain from the event.

A good prelude is understanding what kind of plan is needed. But if that is unknown, it can be discovered during the process of making a contingency plan, and in some cases the type of plan of combinations of plan types may change as the plan is developed. Contingency planning generally involves the following steps:
CONTINGENCY PLAN PROCESS

  • IMPACT ANALYSIS – This requires characterization of system components, the functions they support and any interdependencies. The objective is to identify which of these is most critical and how any loss or outage will affect the system or organization. Then, the resources that are required can be identified and priorities can be set. For a positive event, instead of analyzing for loss or outage, identify which components and functions can be magnified and how that will affect the system or organization. Resource and priority identification follow.
  • PROACTIVE ADJUSTMENTS (CONTROLS) – Identify risk controls and adjustments that can be made before an event. Implement the controls and make sure they are monitored and maintained. For positive events, the controls and adjustments are designed to maximize potential instead of protect against loss.
  • REACTIVE STRATEGIES – Identify strategies that will help recover when components and functions fail. Replacing components and switching to alternative components or functions should be considered.
    For positive events, identify strategies that deal with maximizing functionality after an event. Remember that it is also possible for a positive event to overwhelm resources in a negative way. Cost considerations are usually a factor in this step.

THE CONTINGENCY PLAN – When the above steps have been completed, the contingency plan can be assembled. It should contain the following steps:

  • Activate and Notify – During this step, an assessment of the event and its ramifications must be done. A list of situations and events, means of monitoring for them, and activation criteria are included. Assessment of the event and the determination of whether the activation criteria have been met should be considered parallel processes. In different cases, they may follow in different orders or simultaneously. Once a plan has been activated, notification procedures describe who needs to be notified, priorities involved, means of notification, and alternate contacts and contact methods.
  • Adjust – Procedures designed to recover from the consequences of a negative event or to maximize the gain from a positive event are documented here. They include a priority and sequence list established during the impact analysis and plans to switch over to alternative components or functions. The objective is to restore the most critical resources first or take advantage of the best opportunities first.
  • Restore – Once the event is completed or under control, attention must turn to restoring functions to a normal state. It is important to validate the restored state of components and functions and the emergency procedures may need to operate in parallel while this is being done. When the validation is complete and normal functioning has been restroed, it may be necessary to perform reverse notifications to the contact list that the contingency plan is being de-activated.
  • Learn and Improve – After each activation and use of the contingency plan, an analysis should be performed to determine how well the plan functioned and how it can be improved. When a plan is not needed for some time, a similar analysis or redesign of the plan should take place.

MAINTAINING THE PLAN – After the contingency plan has been completed and it is ready to be used, a maintenance routine is needed with the following steps:

  • Testing – Test to make sure the plan works as intended.
  • Training/Exercises – Train people and teams to ensure that they know their roles and the correct sequence of actions. Then run exercises to practice until the operation of the plan goes smoothly.
  • Updates – Any results from flaws found in testing and rough spots identified in training and exercises should be corrected and improved and the plan updated. Changing circumtances and operational functions and missions can also create a need for updating and improving the plan

SEE PREVIOUS ARTICLE: Contingency Plan

Previous post:

Next post: