Q: What is a Contingency Plan?
A: A Contingency Plan is a course of action designed to help an organization respond effectively to a significant event or situation that may or may not happen.
Q: How can I develop a Contingency Plan?
A: Use the following steps to develop a Contingency Plan:
- Develop the contingency planning policy statement
- Conduct the business impact analysis (BIA)
- Identify preventive controls
- Create contingency strategies
- Develop an information system contingency plan
- Ensure plan testing, training, and exercises
- Ensure plan maintenance
Q: What is a Disaster Recovery Plan?
A: A Disaster Recovery Plan is the area of security planning that deals with protecting an organization from the effects of significant negative events. Significant negative events can include: crippling cyber attacks, hurricanes, earthquakes, and other natural disasters.
Q: How can I develop a Disaster Recovery Plan?
A: Use the following steps to develop a Disaster Recovery Plan:
- The company shall develop a comprehensive IT disaster recovery plan
- A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan
- The disaster recovery plan should cover all essential and critical infrastructure elements, systems and networks, in accordance with key business activities
- The disaster recovery plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed
- All staff must be made aware of the disaster recovery plan and their own respective roles
- The disaster recovery plan is to be kept up to date to take into account changing circumstances