Q: What is a Contingency Plan?

A: A Contingency Plan is a course of action designed to help an organization respond effectively to a significant event or situation that may or may not happen.

Q: How can I develop a Contingency Plan?

A: Use the following steps to develop a Contingency Plan:

  • Develop the contingency planning policy statement
  • Conduct the business impact analysis (BIA)
  • Identify preventive controls
  • Create contingency strategies
  • Develop an information system contingency plan
  • Ensure plan testing, training, and exercises
  • Ensure plan maintenance

Q: What is a Disaster Recovery Plan?

A: A Disaster Recovery Plan is the area of security planning that deals with protecting an organization from the effects of significant negative events. Such events can include crippling cyber attacks, hurricanes, earthquakes, and other natural disasters.

Q: How can I develop a Disaster Recovery Plan?

A: Use the following steps to develop a Disaster Recovery Plan:

  • The company shall develop a comprehensive IT disaster recovery plan
  • A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan
  • The disaster recovery plan should cover all essential and critical infrastructure elements, systems and networks, in accordance with key business activities
  • The disaster recovery plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed
  • All staff must be made aware of the disaster recovery plan and their own respective roles
  • The disaster recovery plan is to be kept up to date to take into account changing circumstances