Contingency planning (CP) refers to planning activities that are associated with preparation for and recovering from an outage of an organization’s information system. CP activities could result from disasters or mishaps that are in the form of either man-made or natural disasters. Whether an organization faces a devastating hurricane, a critical communication line being severed, or the organization is the target of a cyber attack; the relevant CP is crucial to ensure that a readiness plan is in place to guide the organization during an emergency. It is imperative to understand that the key to any CP activity is the protection of human life, with focus on business continuity taking place after this key factor is satisfied. At the center of any continuity planning exercise is the question, “Does your organization posses the adequate technical and organizational knowledge to restore the business operation to normalcy?” This course will primarily equip you with the tools to thoroughly address this critical question.
This in-depth training will define the following seven-step contingency planning process that an organization may apply to develop and maintain a viable contingency planning program for their information systems in accordance with industry standards. The seven progressive steps outlined below are designed to be integrated into each stage of the information system development life cycle applicable to any organization. Timely resumption of business operations demonstrates to stakeholders a comprehensive enterprise commitment to business sustainability and continuity.
- Develop the contingency planning policy statement. A formal CP provides the authority and guidance necessary to develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes. A template for developing the BIA is provided to assist the user.
- Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce CP life cycle costs.
- Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
- Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
- Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
- Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.
This training will provide real CP scenarios and will address critical questions about Confidentiality, Integrity, and Availability (CIA) of an information system during unusual times. This before, during, and after approach will provide information, understanding, and applications to assist you and your team in developing, implementing and maintaining a contingency program that will ensure a resilient information system.
Who should attend?
Business Continuity Planners / Managers
Crisis Incident Planners / Managers
Emergency Planners / Managers
Human Resource Managers
IT / IS Managers
System engineers and architects
Property / Facilities Managers
Raymond C. Wells Phd.