Contingency Planning, What Should You be Doing?

What happens when the backup plan fails and everything goes wrong? What’s the contingency plan then? These are questions every legitimate organization needs to be able to answer before disaster strikes. Contingency plans are especially important in regions like South Florida, where a tropical storm, hurricane or water damage may be severe enough to substantially disrupt an organization’s operation. Having a strategic plan already in place is the only way organizations are able to recover from catastrophic circumstances. Identifying the organization’s vulnerabilities and threats is the first step towards crafting a reliable contingency plan.

Identifying Threats and Vulnerabilities

In regards to assessing threats, they are often classified as either being natural, manmade or intentional acts. Natural threats against organizations include hurricanes, floods, tornadoes and earthquakes. Man-made threats typically involve chemical, electrical, radiological or mechanical issues. Intentional acts that can threaten the organization include demonstrations and criminal activity associated with bomb threats, terrorism, cyber attacks and assaults. Contingency plans should aim to identify and reduce the impact of potential threats and vulnerabilities before they ever come to fruition.

Developing a Contingency Plan

According to the Centers of Disease Control and Prevention, another preliminary step in developing a contingency plan is to address any regulatory requirements that may govern the process. Management can benefit from using a business impact analysis to prioritize the processes and critical systems within the organization. Evaluating the impact of disruptive events, recovery priorities and allowable outage durations are a part of this assessment as well. Preventive controls should be identified and implemented in an attempt to minimize the impact of disruptions and lower contingency costs.

Recovering from Disaster

Recovery strategies should be designed to ensure that the critical processes, infrastructure and systems can be restored quickly after disruption occurs. In order to be truly effective, these strategies need to be integrated throughout the architecture of the organization. The organization is more likely to recover from a disruption if the contingency plans contain explicit procedures and guidance. In order to validate and reinforce the plan against potential contingencies, testing and training exercises designed to identify potential liabilities in the execution of the recovery should be routine.

Evaluating the Contingency Plan

Contingency plans should be maintained as living documents and updated regularly to account for new influential factors that could disrupt the organization. At its core, an organization’s emergency preparedness program should be supported by a reliable and comprehensive contingency plan. There are several types of contingency plans organizations should consider, including a disaster recovery plan, a business recovery plan and an occupant emergency plan. The business recovery plan is designed to help an organization restore is business processes after a disaster occurs.

The disaster recovery plan should define procedures for recovering from catastrophic circumstances that can eliminate access to normal operations for an extended time. Occupant emergency plans are used to respond to a potential health or safety threat endangering the property, environment or personnel on the premises. In order to successfully overcome from these types of disruptive events, management can benefit from relying on restoration professionals who understand how to accommodate and support organizations in the midst of recovery.