IT Contingency Planning encompasses the measures and preparations made by an organisation, to ensure that they can react appropriately to any extraordinary event which results in severe disturbance to use of their IT and telecommunications infrastructure.
An appropriate response involves having clear plans are in place to ensure that the critical business functions can continue to be performed, using essential IT systems, whilst a serious fault is being resolved. This not only includes having well-defined Incident and Problem Management processes in use for daily operations (see also IT Management), and access to exception handling and emergency escalation procedures but also, if necessary, the provision of replacement systems.
In a broader sense, IT Contingency Planning can also be related to business continuity management across the whole enterprise or organization. Contingency planning for IT and telecommunications should always be embedded into corporate continuity plans, e.g. for buildings or premises, and business continuity plans should be aligned with business objectives
Most organizations depend to a large extent on information technology. This begins with the telephone infrastructure and usually includes employee workstations and file servers. Database systems are often also in use and many organizations need constant and immediate access to them. If these systems support critical business processes, e.g. logistics or manufacturing, disruption of these processes can have immediate negative financial consequences for the organization. Moreover, there may be statutory or regulatory obligations to maintain records, so failures could even lead to criminal or civil consequences for management.
A weakness in, or complete lack of, IT contingency plans, leading to a long process downtime, could easily threaten the organization?s existence.
The first part of preparation to cope with an emergency is to plan for the continued operation of the organization's business. Only then are the contingency plans for IT facilities designed and built. This ensures that IT contingency plans are based on business needs.
In some circumstances it may also be useful to create IT contingency plans independently of business continuity planning. In such cases, the dependency on IT computer and telecommunications of the business processes of individual parts of the company should first be assessed.
One of our initial tasks is always to identify the dependencies between business processes and IT. This usually takes the form of a Business Impact Assessment (BIA).
The next step is to determine which measures are already in place for the IT organisation and to document and analyse any technical constraints. Companies often lack necessary guidelines and requirements, so they must first be created. What extent these regulations assume, is aimed solely to the needs of the company regarding formalization and control density.
The organisation?s Contingency Plan will be the result of this analysis and of any required controls.
Based on this, actions to be taken are identified and prioritized and an implementation timetable is drawn up.
The implementation work is generally performed as part of a project and is divided into the development of organizational goals and the actual implementation itself. Employee training is also part of implementation. After implementation, a practice run should be carried out using the Contingency Plan. This exercise should be carefully monitored. The results should be used to improve the Contingency Plan in a first revision cycle.
Contingency plans must be regularly tested and updated as necessary. We can work with you to decide the frequency that best suits your business during preparation of the Contingency Planning Manual.
With the right contingency plans in place, you will be prepared for the possibility of serious unforeseen events that could limit or even prevent use of your IT systems. Clear planning and prioritization means that everyone involved in the emergency knows exactly who needs to do what to limit any possible damage. You can gain both the time and space needed to manage the situation professionally and to target those aspects of the incident that cannot be predicted or planned for.
|IT Contingency Planning|
|•||Critical systems recognize|
|•||Critical systems restore|
|Organisational contingency plans encompass|
|•||Professional response to catastrophic events|
|IT contingency planning in practice|
|•||Building the incident-response organisation|
|•||Processes to be restarted|
|•||Short recovery times|
|•||Professional response to disasters|