It’s the question that haunts any business continuity professional throughout his or her career. Of course, there are a million possibilities that might occur at any time. But creating a business contingency plan can at least help you to prepare for the unknown.
Here, we take a look at the basics of business contingency planning, as well as how to create a plan for your own organization.
What is a business contingency plan?
A business contingency plan is a course of action that your organization would take if an unexpected event or situation occurs. Sometimes a contingency can be positive—such as a surprise influx of money—but most often the term refers to a negative event that affects an organization’s reputation, financial health or ability to stay in business. These include a fire, flood, data breach, major network failure and more.
Contingency plans are an important part of your overall business continuity strategy because they help ensure your organization is ready for anything. Many large businesses and government organizations create multiple sets of contingency plans so that a variety of potential threats are well-researched and their appropriate responses are fully practiced before a crisis hits.
Think of contingency planning as a proactive strategy, whereas crisis management—the other piece of the business continuity puzzle—is more of a reactive strategy. A contingency plan helps to ensure you are prepared for what may come; a crisis management plan empowers you to manage the response after the incident occurs.
How do I create a business contingency plan?
Creating a contingency plan requires a bit of research and planning. However, working ahead on each plan will be worth it in the long run.
To create a contingency plan for your organization, follow this five-step framework:
Identify/prioritize your resources.
First, do a little research throughout your organization to identify and prioritize the resources that your organization cannot do without, such as employees, IT systems, and specific facilities and physical assets.
Pinpoint the key risks.
Next, identify the potential threats to these critical resources. Meet with employees, executives, IT and everyone in between to get a holistic idea of the events that could impact your resources. If necessary, consider bringing in a consultant who specializes in identifying risk.
Draft your contingency plans.
Ideally, you would then write out a contingency plan for each of the identified risks. However, it’s best to start with the highest-priority threats—usually those that are most likely to occur and would have the biggest impact. Then, over time you can work toward drafting plans for each lower-priority risk.
As you draft each plan, ask yourself what steps would have to be taken for the organization to resume normal operations. Consider things like communications, employee activity, staff responsibilities and timelines (what needs to happen when). Then, create a step-by-step plan for each risk.
Distribute your plans.
Once each plan is completed and approved, ensure that every employee and stakeholder has easy access to it. For this important step, you might consider leveraging a mobile business continuity app, which provides contingency plans and related documents directly to each employee on his or her mobile device. This approach does away with the traditional hard-copy planning method and ensures that each employee has access to the most recent plan, both before and during a crisis.
Maintain each plan.
Be sure to keep each plan up to date as your organization goes through changes, such as hirings and firings and the use of new technologies. In addition, rehearse it with stakeholders on a regular basis to ensure that each key player knows his or her role.
What contingencies do you think are most likely to affect your organization? How are you currently preparing for them?