What Is A Business Contingency Plan & How To Create One
It is the question that haunts business continuity professionals throughout their careers. Of course, there are a million possibilities that might occur at any time. But creating a business contingency plan at least helps you to prepare for the unknown.
Here, we take a look at the basics of business contingency planning, as well as how to create a plan for your own organization.
What is a business contingency plan?
A business contingency plan is a course of action that your organization would take if an unexpected event or situation occurs.
Sometimes a contingency can be positive—such as a surprise influx of money—but most often the term refers to a negative event that affects an organization’s reputation, financial health or ability to stay in business. Examples of a negative event include fire, flood, data breach and a major IT network failure.
Contingency plans are an important part of your overall business continuity strategy because they help ensure your organization is ready for anything. Many large businesses and government organizations create multiple sets of contingency plans so that a variety of potential threats are well-researched and their responses are fully practiced before a crisis hits.
Think of contingency planning as a proactive strategy, whereas crisis management—the other piece of the business continuity puzzle—is more of a reactive strategy. A contingency plan helps to ensure you are prepared for what may come; a crisis management plan empowers you to manage the response after the incident occurs.
How do I create a business contingency plan?
Creating a contingency plan requires a bit of research and planning. However, working ahead on each plan will be worth it in the long run.
To create a contingency plan for your organization, follow this five-step framework:
1. Identify/prioritize your resources.
First, do a little research throughout your organization to identify and prioritize the resources that your organization cannot do without, such as employees, IT systems, and specific facilities and physical assets.
2. Pinpoint the key risks.
Next, identify the potential threats to these critical resources. Meet with employees, executives, IT and other key personnel to gain a holistic idea of the events that could impact your resources. If necessary, consider bringing in a consultant who specializes in identifying risk.
3. Draft your contingency plans.
Ideally, you would then write out a contingency plan for each of the identified risks. However, it’s best to start with the highest-priority threats—usually those that are most likely to occur and would have the biggest impact. Then, over time you can work toward drafting plans for each lower-priority risk.
As you draft each plan, ask yourself what steps would have to be taken for the organization to resume normal operations. Consider things like communications, employee activity, staff responsibilities and timelines (what needs to happen when). Then, create a step-by-step plan for each risk.
4. Distribute your plans.
Once each plan is completed and approved, ensure that every employee and stakeholder has easy access to it. For this important step, you might consider leveraging an issue and crisis management app, which provides contingency plans and related documents directly to each employee on his or her mobile device.This approach replaces the traditional hard-copy ring-bound folders and ensures that each employee has access to the most recent plan immediately should the worst happen.
5. Maintain each plan.
Be sure to keep each plan updated as your organization goes through changes, such as hirings and firings and the adoption of new technologies. In addition, rehearse implementation with stakeholders on a regular basis to ensure that each team member knows their role.
What contingencies do you think are most likely to affect your organization? How are you currently preparing for them?