A Contingency Plan (CP) is a process that prepares an organization to respond coherently to an unplanned event. The contingency plan can also be used as an alternative for action if expected results fail to materialize. A contingency plan is sometimes referred to as “Plan B.―
Business Impact Analysis (BIA) is conducted before the development of a CP.BIA Identifies and prioritize business units and assets
Recovery Point Objective (RPO)-How much data do you need
Recovery time objective (RTO)-How long can you stay offline
Contingency Plan components:
Initiation Phase – Role and Task
Activation phase – Notification steps
Recovery Phase – Step for alternate site
Reconstruction Phase-Recover original site
Appendixes-calling tree- vendor and contact list
The CP covers terms like:
Backup Type-Incremental, differential and full backup
Backup Site – Cold, Warm, and Hot
Backup site (Secondary site) should be located far away from the primary site so that both sites are not exposed to the same natural and environmental threats
Example of backup tapes service provider: Iron Mountain, Shredit etc.….
Sample of CP
NIST SP -800-34
CONTINGENCY PLAN TEST
Contingency Plan needs to be tested at least annually or whenever there is a major change for effectiveness.
CP is a living document and needs to be updated accordingly
Type of CP tests
Table Tops/ Classroom Exercises – walk through the procedures without any actual recovery operations occurring. Classroom exercises are the most basic and least costly of the two types of exercises and should be conducted before performing a functional exercise.
Functional Exercises/Simulated: Functional exercises are more extensive than tabletops, requiring the event to be faked.
Contingency Planning provides instructions, disaster declaration criteria, and procedures to recover information systems and associated services after a disruption through a suite of plans and documents including the Business Impact Analysis (BIA), Continuity of Operations (COOP), Disaster Recovery Plan (DRP), and the Contingency Plan (CP).