Overview#Contingency Planning is planning for an Unfortunate event and consists of three separate categories:
Continuity Management#Continuity management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disaster in the first instance.
Continuity management is so important that many organizations will not do business with IT service providers if contingency planning is not practiced within the service providers organisation. It is also a fact that many organizations that have been involved in a disaster where their contingency plan failed, ceased trading within 18 months following the disaster.
Continuity management is regarded as the recovery of the IT infrastructure used to deliver IT Services, but many businesses these days practice the much further reaching process of Business Continuity Planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur.
Continuity management involves the following basic steps:
- Prioritizing the businesses to be recovered by conducting a Business Impact Analysis (BIA)
- Performing a Risk Assessment (aka Risk Analysis) for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service.
- Evaluating the options for recovery
- Producing the Contingency Plan
- Testing, reviewing, and revising the plan on a regular basis
Continuity Management and IT Security#Continuity Management (and contingency planning, business continuity and Disaster Recovery) is an integral part of IT security and Risk Assessment. Inadequate contingency planning is regarded as a risk to the business, and is often overlooked until it is too late, when a Cybersecurity or other breach results in the loss of supporting IT systems.
Continuity Management is a complex area, but fortunately a methodology and tool has evolved to greatly simplify it.Availability Management. This is the practice of identifying levels of Service Delivery availability for use in Service-Level Agreement Reviews with Customers.