1
Contingency and Continuity Planning
In the management of risk, a contingency plan is the answer to the question "What do we do if this occurs?" Where a serious risk exists, management may require its staff to create a contingency plan and add the necessary budget for it as a risk allowance, with the proviso that it is only to be used if the risk occurs. Contingency plans provide an outline of decisions and measures to be taken if circumstances should occur in relation to a specific activity. Contingency plans generally relate to a planned event, while business continuity plans relate to services and assets that are already operational (for example, an unexpected power outage prevents your customer service department from functioning for some period of time). In order to ensure that the contingency plan is properly suited to the business task, some key questions to be answered include:
Is the plan achievable?
Is there a clearly defined starting point for the plan?
Does the plan address the situation in a timely, cost-effective, consistent way?
When creating the business contingency plan, we suggest including a
plan description as part of the content of the document. This is simply a
brief description of the scope of the activity, planning assumptions made
and used in the development of the plan, prerequisites for implementation
of the plan, and constraints on use of the plan. Information concerning the
event (or incident) that is the trigger for implementation of the contingency

Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.
