This Content Component encountered an error
Definition

contingency plan

A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen. 

A contingency plan is sometimes referred to as "Plan B," because it can be also used as an alternative for action if expected results fail to materialize. Contingency planning is a component of business continuity, disaster recovery and risk management.

The seven-steps outlined for an IT contingency plan in the NIST 800-34 Rev. 1 publication are:

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.

2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business functions.

3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.

5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.

6. Ensure plan testing, training and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.

7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.

See a discussion of what a contingency plan is and is not:

This was last updated in September 2015

Continue Reading About contingency plan

Join the conversation

14 comments

Send me notifications when other members comment.

Please create a username to comment.

the contingency
Cancel
is a conspiracy
Cancel
that the government plotted wearily
Cancel
To hit, or not to hit. 
Cancel
Dost thou ever miss?
Cancel
I suppose it not. You have a male love interest,
Cancel
 yet I would wager he does not kiss thee (Ye olde mwah).
Cancel
Furthermore; he will find another lass like he won't miss thee. 
Cancel
And at the end of it all. He is going to skrrt, and he will hit that dab,
Cancel
and he will hit that dab, as if he were the man known by the name of Wiz Khalifa
Cancel
Ḇ̶̧̜̤̱̦͈͉̎̍͋͋͋r̶̥̹͚͕͚̠̖̣͚̀͋͆͒̾̂̊̊͐̀͘u̵̟̪͍̤̯̻̞̝͓͍̱͔͂̃̅̄̿̾̌͐̎̽̀̽̂̕ǔ̷̗̯͎̲̭̫͙͛͆̐͛͑̿̈́̂̚̚ͅu̴̼̼͍̻̲͇̬̾̐͌̀͌͒̀͒͆̈́͊̇ṵ̴̬̮̤̼̪̳̺͕̜̲̦̖̋̿̄̈̿͐̈́͠ư̶͕͈̻͚͖͙͕̫̜̑̃̇̋̽͘͜͝ų̸̺̘̈́̐͛ͅų̸̻͈̜͓̫͎̫͙̖̟̦̌̃̈͊̊̒̅ͅṵ̴͉͚͔͕͕̙̭͚̠̮̄̂̈͂̂́͌͘u̴̡̥̥̮͔͕̤̙͔̹͐͗͊̀̒ṵ̶̭̱͖͓̠͙͗̀̍̈́̍͜ų̷̠̮͓͈͔͍̯͔̖̳̘̿́͌̌̕ư̴̢̯͓̠̲̤͙̝͚̬̤͓͒̈̑͐̌̋͒͛͒̐̒̕͠ͅȗ̶̢̝͍̤̭̳̫̗̰͛̉̄̾͂̾̇̅ͅͅù̶̡̪̘͚͇̗̥̘͇͚̱̖̊̉̾ū̶͉͖u̸̢̢̺̰̝̻̱͇͉̘̾̈́̈́̑̈̒͘ͅu̷̢̡͔͉̞͊͐ư̸̮̩̞͙̪̝̮̻̤̤͋̎̽͋̍̎̏͋̅̐͆̈́̄u̵̢̧͇̞͓͎̻̺̫͙̘͎̞̗͊̕ư̵̠͝ȕ̸̧̬̼̱̱̩͔̣̝͔̟̜̞͇̕ư̵̘̩͇̠̻͙͖̗̳̜̿̈́̔̒̓h̷͍͓̪͇̹̭̆͂͑̀̅̄̂̂̾͊̓͊̓͝h̷̡̛̛̛̙͉̿͗̀̃͋͑̐͋͑̒͜͠ͅḩ̴̩̊͆̿̋̅̿̓̑͂̋̄͒̇͜h̸̢̫͕̦̖̉͛̌̄̓̽̕h̸̲͎̩̋̏̃̉̈́͛͝ḣ̸̢̡͔̘̮̳̯̯̅̐͐̕͠h̴͖̰͎̣̱̝̞̟̙̯̱͖͓̭̅̆͐̒͝͝ḩ̴̫̭̮̦̺̩͉̉ͅ  repetition is 


grammatically incorrect
Cancel
Give it up folks, einstein over here has something to say. What's that buddy? Wha- A grammatical error?!? WHAT?!? B... Bu... That can't be possible! Surely not! A GRAMMAR MISTAKE? IN MY SIGHT?!? What a great, absolute miracle that you and your 257 IQ Brain was here to correct it!
Cancel
Thank you! Have my grattitude, Actually, What's your cashapp? I'd like to give you 20$... Know what? While we're at it have the keys to my car. Actually, no, scratch that. Have the keys to my house, go watch my kids grow up and f*ck my wife.
Cancel
 Also, my Paypal username and password is: Ilikesmartazzes4 and 968386329. Go have fun. Thank you for your work.
Cancel

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close