CSCI, Leading by example!

Contingency Planning

CSCI follows this process when developing a contingency plan for your organization. By using this systematic process, CSCI can develop a fully NIST-compliant contingency plan and process. This will help reduce the likelihood of an incident having an impact on your company.
  1. Develop the contingency planning policy statement. Policy is a management control; management therefore supports the program and develops the high-level procedures for the planning process. The policy should identify the process for planning and coordinating the technical, financial, and management resources needed to ensure the continuity of the business model prior to, during, and after an emergency event or disruption of services.
  2. Conduct the business impact analysis (BIA). Insurance, quality standards (ISO 9000), and general business policy standards help define the method and approach for the BIA. The BIA helps to identify and prioritize critical IT systems and components for recovery. During the BIA, the recovery point objective (RPO) and recovery time objective (RTO) are established for mission-critical systems.
  3. Identify preventive controls. An ounce of prevention is worth a pound of cure! Preventive controls are measures that reduce the effects of system disruptions; they can increase system availability and reduce contingency life cycle costs. Placing an uninterruptible power supply (UPS) on a system is a small step toward recovery.
  4. Develop recovery strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption. A methodical flow chart helps in the preparation and planning stages. The flow chart should identify the teams and reference the relevant contingency plan step, so that it is simple to see what's next.
  5. Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system. Roles must be identified to address the various areas in a contingency plan (CP); each role plays a vital part regardless of how small the disruption.
  6. Plan testing, training, and exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness. This is one of the most deficient areas of a CP: when was the last time you had training on your responsibilities?
  7. Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.