Contingency Plan Q2-2023

  • A Contingency Plan (CP) is a process that prepares an organization to respond coherently to an unplanned event. The contingency plan can also be used as an alternative course of action if expected results fail to materialize. A contingency plan is sometimes referred to as “Plan B.”
  • A Business Impact Analysis (BIA) is conducted before the development of a CP. The BIA identifies and prioritizes business units and assets.
    • Recovery Point Objective (RPO) – How much data do you need?
    • Recovery Time Objective (RTO) – How long can you stay offline?
  • Contingency Plan components:
    • Initiation Phase – Role and Task
    • Activation Phase – Notification steps
    • Recovery Phase – Steps for alternate site
    • Reconstruction Phase – Recover original site
    • Appendixes – Calling tree, vendor and contact list
  • The CP covers terms like:
    • Backup Type – Incremental, differential, and full backup
    • Backup Site – Cold, Warm, and Hot
    • Backup site (Secondary site) should be located far away from the primary site so that both sites are not exposed to the same natural and environmental threats
    • Examples of backup tape service providers: Iron Mountain, Shred-it, etc.
    • Sample of CP
    • NIST SP 800-34


  • The Contingency Plan needs to be tested for effectiveness at least annually or whenever there is a major change.
  • The CP is a living document and needs to be updated accordingly.
  • Type of CP tests
    • Tabletop/Classroom Exercises – walk through the procedures without any actual recovery operations occurring. Classroom exercises are the most basic and least costly of the two types of exercises and should be conducted before performing a functional exercise.
    • Functional/Simulated Exercises – functional exercises are more extensive than tabletops, requiring the event to be faked.
  • Other testing terms:
    • Full test
    • Parallel test
    • Partial test

NIST 800-84: Guide to Test, Training, and Exercise Programs 84/SP800-84.pdf

Contingency Plan (Cont.)

Contingency Planning provides instructions, disaster declaration criteria, and procedures to recover information systems and associated services after a disruption through a suite of plans and documents including the Business Impact Analysis (BIA), Continuity of Operations (COOP), Disaster Recovery Plan (DRP), and the Contingency Plan (CP). 

Suite of Plan

CP Process
