Browse Definitions :
Definition

contingency plan

This definition is part of our Essential Guide: Disaster prevention and mitigation strategies: Strike early and often

A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen. 

A contingency plan is sometimes referred to as "Plan B," because it can be also used as an alternative for action if expected results fail to materialize. Contingency planning is a component of business continuity, disaster recovery and risk management.

The seven-steps outlined for an IT contingency plan in the NIST 800-34 Rev. 1 publication are:

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.

2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business functions.

3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.

5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.

6. Ensure plan testing, training and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.

7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.

See a discussion of what a contingency plan is and is not:

This was last updated in September 2015

Continue Reading About contingency plan

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

the contingency
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

SearchSecurity

  • Payload (computing)

    The term payload, when used in the context of networking or telecommunications, is the data carried inside of a packet (or other ...

  • access control

    Access control is a security technique that regulates who or what can view or use resources in a computing environment.

  • ethical hacker

    An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to ...

SearchHealthIT

SearchDisasterRecovery

  • virtual disaster recovery

    Virtual disaster recovery is a type of DR that typically involves replication and allows a user to fail over to virtualized ...

  • tabletop exercise (TTX)

    A tabletop exercise (TTX) is a disaster preparedness activity that takes participants through the process of dealing with a ...

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a data center.

SearchStorage

  • storage at the edge

    Storage at the edge is the collective methods and technologies that capture and retain digital information at the periphery of ...

  • Flash Storage

    Flash storage is any type of drive, repository or system that uses flash memory to keep data for an extended period of time.

  • optical disc

    An optical disc is an electronic data storage medium that can be written to and read from using a low-powered laser beam.

Close