What is a contingency plan? It is a plan of action that is put in place in the case of an event occuring in the future that would be harmful to the business.
A contingency plan is also known as “Plan B” Or “Back-up Plan”. The saying “Fail to Prepare, Prepare to Fail” comes into truth here. If a company does not have a contingency plan in place they are essentially setting themselves up to fail. Contingency planning is closely tied with risk management and crisis management planning. It should be clear and have detail. You can choose to have a specific plan like an environmental contingency plan or keep it broad to cover all aspects of the organisation. Your contingency plan shouldn’t just be tick the box it should add value to your organisation.
Table of Contents
The Importance of a Contingency Plan
It is great to know what a contingency plan is but even better to know the benefits it can bring to your business. They provide much needed structure in unprecedented times. In more recent years, with cyberattacks and pandemics, businesses are learning the importance of “Back-up” plans. According to Statista, 49% of businesses in the UK in 2018 had an effective contingency plan in place to deal with the most disruptive breach or attack.
A contingency plan does take a lot of time but it is invaluable to your organisation when unexpected events occur. Whether the issue is big or small, a well-structured plan will make solving the problem much easier and faster. A few benefits of having a plan in place are;
Increased Reaction Time
The speed at which your organisation recovers from a disturbance, whether major or minor, will determine your place among the competition and the size of the financial loss that is endured. A plan allows you to react faster to unexpected events therefore minimizing the impact it has on your organisation. Time isn’t wasted delegating roles and figuring out how to tackle the problem as it has already been practised beforehand.
Having a backup plan for all your organisation’s operations will ensure that they are safe in any eventuality. Resources are vital to the everyday running to a business so it is important that they are taken care of.
A cyberattack on your organisation could potential cause databases to be wiped out and client information to be leaked, both are highly serious and could cause long delays for the business. This would give the organisation a very bad reputation for being unorganised and they may lose customers as a result.
Panicking makes a problem worse and thinking rationale goes out the window in times of trouble. Having a “Plan B” at your disposal makes sure that problems are solved in the most efficient way. When people have practised the procedures they will be more confident in taking on the problems that occur unexpectedly.
As previously discussed, an attack on your IT systems could cause client information to be leaked. This would be a severe breach of GDPR and could end with the company being sued. If a back-up plan was put in action in order to combat such attacks this would reduce financial costs such as fines, lawsuits, loss of clients, replacement of equipment and so on.
Ensures the Continuity of the Business
A back-up plan helps an organisation to recover from an unexpected event. If there is less time spent in mitigating the problem the business won’t be hit with a huge financial price to pay. Unexpected events that cannot be solved quickly drain a companies time and finances and could cause an organisation to eventually cease operation.
What is a Contingency Planning Process
Now that we have answered “What is a contingency plan?” the next thing to know is what is the process involved in creating one. A contingency planning process is the set of steps that are followed in order to create a successful and realistic plan. Let’s look at an example of how you would go about creating your own.
Step 1: Identify what are the key and critical functions of the organisation. Ask yourself “could the business cope without X,Y,Z?” If the answer is no these become your businesses critical functions.
Step 2: Once you have recognised the key functions of the organisation you must then identify the risks that may impact the businesses functions.
Step 3: Now that you know the risks that may occur on your organisation’s critical operations you need to prioritise them with ones that are more likely to occur at the top and ones that have a very low probability of occuring at the bottom.
Step 4: Once you have identified the potential risks to your business you can then begin creating the actual contingency plan itself. For every risk that you have spotted you need to have a plan in place to counteract it.
Step 5: It is important clearly specify who is in charge if an incident occurs and what exact role they’ll play by appointing leaders to specific issues. This will ensure that the procedure will run smoothly and there’ll be no confusion around who does what.
Step 6: What good is a plan that doesn’t work? It is vital that you do a run-through of the plan with everyone involved in the organisation, especially running through high risk scenarios. This will allow everyone to feel more confident at following the contingency plan in a real-life situation and will also expose any flaws in the plan.
Step 7: Do not forget about your contingency plan. An organisation’s key operations may change from time to time therefore your “back-up” plan should change with it and be updated continuously. For example, the impact of Covid-19 would have been added to many organisations contingency plans at the beginning of 2020.
Phases of a Contingency Plan
An incident you have prepared for in your contingency plan has occurred. Here are a few steps to follow to ensure you get the most out of your plan. We will use the example of IT systems breaking down due to a cyberattack to demonstrate this.
- Notify all members of the organisation of the incident that has occured. The database and IT team leaders should be notified first so they can begin putting the contingency plan in place as soon as possible.
- All IT systems should be updated and backed-up. If the organisation strictly follows their contingency plan the procedure will be much quicker. The IT team will reboot the systems in order to get operations running again.
- Work resumes as usual with less disruptions caused due to the efficiency of the contingency plan being in place and minimal work is lost on IT systems.
- After a contingency plan has been put into real-life practice it is important to review what went well and what needs work in the plan. This is the best way to spot improvements needed and to make amendments to the plan. In this example, not everyone may have had their computers backed-up therefore lost progress and time in trying to recover their work. In order to prevent this in the future management should ensure that a weekly backup is done on systems.
Contingency Plan Metrics
Companies use many different types of metrics to measure the recovery time in an unexpected even. Two of the most used metrics would be RTO and RPO.
RTO-Recovery Time Objective-This metric measures the maximum time it should take for the organisation to resume normal operations after an unexpected event. An organisation might give themselves a RTO for 10 hours to recover non-critical data that has been lost as it doesn’t have a serious impact on the businesses day-to-day operations.
RPO-Recovery Point Objective-This metric allows you to see how the maximum amount of data your organisation can afford to lose without it having an impact on your business. An organisation may give themselves a RPO of 2 hours to recover important data that has been subject to a cyberattack as the longer it takes the bigger the impact it will have on the business.
A contingency plan is without a doubt an invaluable asset to your orginatiation. They can be time-consuming to make but when done properly your plan will save your organisation time in the future if an unexpected event occurs. Whether you use your plan or not it will be an investment you will not regret.
Key Elements of a Contingency Plan: Preparedness Beyond the Basics
While outlining the 7 steps and importance of contingency planning is crucial, diving deeper into its key elements ensures your readers understand how to actually build an effective plan. Here’s a breakdown of crucial components to cover:
1. Emergency Procedures:
- Define triggering events: Clearly list the specific events or situations that would activate your contingency plan. Examples include power outages, natural disasters, data breaches, cyberattacks, key personnel injury, or supply chain disruptions.
- Identify key decision-makers: Establish a clear chain of command, defining who is responsible for making critical decisions during an emergency.
- Develop response protocols: Outline specific actions to be taken for each type of emergency, including evacuation procedures, security measures, damage control steps, and communication protocols.
- Establish recovery procedures: Define the steps needed to resume normal operations after the emergency subsides, including data recovery, infrastructure repairs, and employee reintegration.
2. Backup Resources:
- Identify critical assets: List all essential equipment, facilities, data, and personnel crucial for business continuity.
- Develop backup systems: Ensure critical data is backed up regularly at a remote location or in the cloud. Consider alternative energy sources and communication tools in case of outages.
- Maintain supplier and vendor relationships: Build strong relationships with backup suppliers and vendors to ensure access to resources needed during a crisis.
- Secure insurance coverage: Evaluate and acquire appropriate insurance to cover potential losses due to emergencies.
3. Communications Protocols:
- Define communication channels: Establish primary and secondary communication channels for internal and external communication during an emergency. This may include email, phone, text messaging, social media, and designated physical meeting points.
- Identify key stakeholders: List all internal and external parties who need to be informed during an emergency, including employees, customers, investors, partners, and authorities.
- Develop communication templates: Prepare pre-written templates for communication messages tailored to different stakeholders and emergency situations.
- Practice communication drills: Regularly conduct communication drills to ensure everyone understands their roles and responsibilities during a crisis.
Testing Your Contingency Plan: Building Confidence Through Simulations and Drills
A well-crafted contingency plan is only as effective as its execution during an actual crisis. Testing your plan regularly through simulations and drills ensures its validity, identifies potential weaknesses, and prepares your team for real-world scenarios. Here are some key methods to consider:
- Tabletop Exercises: Gather key personnel to discuss hypothetical scenarios based on potential risks outlined in your plan. Encourage open discussion, identify communication gaps, and practice decision-making processes.
- Virtual Simulations: Utilize online platforms or software to simulate realistic emergency situations and test team responses. These can offer diverse scenarios and involve a larger number of participants compared to tabletop exercises.
- Risk-Based Scenarios: Focus simulations on specific high-probability or high-impact risks identified in your plan. This allows for in-depth testing of specific procedures and responses.
- Evacuation Drills: Regularly conduct realistic evacuation drills to ensure everyone knows the evacuation routes, assembly points, and emergency procedures.
- Communication Drills: Practice using your defined communication channels and protocols to disseminate information and manage communication flow during a simulated emergency.
- Functional Drills: Test specific aspects of your plan, such as backup systems, security protocols, or data recovery procedures, in a controlled environment.
Additional Testing Tips:
- Set clear objectives: Define specific goals for each test, focusing on evaluating specific elements of your plan.
- Involve diverse stakeholders: Include representatives from different departments and roles to ensure all perspectives are considered.
- Document findings and lessons learned: Debrief after each test, identify areas for improvement, and update your plan accordingly.
- Schedule regular testing: Aim to conduct simulations at least annually and fire drills more frequently depending on the nature of your risks.
- Seek feedback from external experts: Consider working with risk management professionals for professional evaluation and improvement suggestions.
Remember: Testing your contingency plan is not a one-time event, but an ongoing process essential for building confidence and ensuring preparedness in your team. By incorporating various testing methods and continuously refining your plan, you can empower your organization to respond effectively to any crisis situation.
While contingency plans, disaster recovery plans, and crisis management strategies all aim to address challenges and disruptions, they have distinct purposes and functionalities:
- Focus: Proactive approach to identify and prepare for potential disruptions of varying severities and impacts.
- Scope: Covers a wider range of potential issues, from minor incidents (e.g., power outages) to major crises (e.g., natural disasters).
- Content: Outlines response protocols, communication strategies, and resource allocation for various scenarios.
- Example: A company might have a contingency plan for handling server outages, including backup procedures, communication to stakeholders, and recovery timelines.
Disaster Recovery Plan:
- Focus: Reactive approach to regaining normal operations after a major disaster or critical event.
- Scope: Primarily concerned with large-scale disruptions that significantly impact infrastructure and operations.
- Content: Details specific steps for restoring critical systems, data recovery processes, and business continuity procedures.
- Example: A hospital might have a disaster recovery plan for a major earthquake, outlining evacuation procedures, data backup restoration, and alternative facility setup.
Crisis Management Plan:
- Focus: Managing external communication and reputation during a crisis while minimizing negative impacts.
- Scope: Primarily addresses crises that can harm public perception, brand image, or employee morale.
- Content: Defines communication strategies for various stakeholders, media relations protocols, and damage control measures.
- Example: A company facing a product recall might have a crisis management plan outlining communication with customers, press releases, and internal messaging strategies.
- Trigger: Contingency plans address a wider range of potential issues, while disaster recovery and crisis management are triggered by specific major events.
- Planning Focus: Contingency plans focus on preparedness and response actions, while disaster recovery plans focus on restoration and business continuity, and crisis management focuses on communication and image control.
- Level of Detail: Contingency plans provide a broader overview, while disaster recovery and crisis management plans are more detailed and specific to the respective threats.
Remember: These plans are often interconnected and work together. A comprehensive approach involves having strong contingency plans to identify and prepare for potential issues, robust disaster recovery plans to mitigate the impact of major events, and effective crisis management strategies to protect your reputation during challenging situations.
Expert Quotes Highlighting the Importance of Contingency Planning:
1. “Failing to plan is planning to fail.” – Alan Lakein, Time Management Author
This emphasizes the crucial role of proactive planning in avoiding negative outcomes.
2. “Contingency planning is simply being smart… It doesn’t take a fortune, but it can save one.” – James C. Witte, Author & Risk Management Expert
This highlights the cost-effectiveness and potential benefits of having a contingency plan.
3. “The only constant in life is change. The ability to adapt to changing circumstances… is the key to survival.” – Charles Darwin, Scientist
This underscores the importance of flexibility and preparedness embodied in contingency planning.
4. “If you don’t know where you are going, any road will get you there.” – Lewis Carroll, Author
This emphasizes the need for direction and foresight, which contingency plans provide.
5. “By failing to prepare, you are preparing to fail.” – Benjamin Franklin, Founding Father of the United States
This reiterates the consequences of neglecting contingency planning.
6. “The best way to predict the future is to create it.” – Peter Drucker, Management Consultant
This reinforces the proactive and empowering nature of contingency planning.
7. “Hope is not a strategy. Contingency planning is.” – Christine Lagarde, President of the European Central Bank
This emphasizes the need for concrete action over wishful thinking for managing risks.
8. “An ounce of prevention is worth a pound of cure.” – Benjamin Franklin
This underscores the cost-saving and efficiency aspects of preventing disruptions through planning.
9. “There is no bad weather, only bad clothing.” – Finnish Proverb
This emphasizes the importance of being prepared for any situation, which contingency planning facilitates.
10. “The greatest danger for most of us is not that our aim is too high and we miss it, but that it is too low and we reach it.” – Michelangelo, Artist
This highlights the need for comprehensive and ambitious contingency plans to address diverse scenarios.
1. What is a contingency plan?
A contingency plan is a proactive approach to identifying potential disruptions, outlining response strategies, and ensuring business continuity in the face of unforeseen events. It helps organizations minimize damage, maintain operations, and recover effectively from various challenges.
2. What are the benefits of having a contingency plan?
- Reduced risks and financial losses: By anticipating potential issues, you can take steps to mitigate their impact and avoid costly disruptions.
- Improved operational efficiency: A well-defined plan ensures everyone knows their roles and responsibilities during a crisis, leading to faster and more effective responses.
- Enhanced employee morale and confidence: Knowing there’s a plan in place can boost employee morale and confidence when facing challenges.
- Stronger brand reputation: Effective crisis management during disruptions can protect your brand image and maintain customer trust.
- Compliance with regulations: Many industries have regulations requiring specific disaster preparedness or data breach response plans.
3. What should a contingency plan include?
- Identification of potential risks: Analyze potential disruptions relevant to your industry and operations.
- Response protocols: Define clear steps for responding to different types of incidents.
- Communication strategies: Establish clear communication channels and protocols to inform stakeholders during a crisis.
- Resource allocation: Determine the resources needed for response and recovery efforts.
- Testing and review: Regularly test your plan and update it based on lessons learned and evolving risks.
4. How can I develop a contingency plan for my organization?
- Assess your risks: Identify potential threats specific to your industry, location, and operations.
- Gather relevant information: Collect data and resources on potential risks and response best practices.
- Involve key stakeholders: Get input from different departments and personnel affected by the plan.
- Develop your plan: Outline response protocols, communication strategies, and resource allocation for each risk.
- Test and review your plan: Conduct simulations and drills to identify and address any weaknesses.
5. Where can I find more resources on contingency planning?
- The Federal Emergency Management Agency (FEMA)
- The National Institute of Standards and Technology (NIST)
- The Business Continuity Institute (BCI)
- Industry-specific associations and publications
Having a well-developed and tested contingency plan is crucial for any organization’s success and resilience. It empowers your team to respond effectively to unforeseen challenges, minimize disruptions, and protect your business from potential losses. By taking the time to identify risks, develop clear protocols, and regularly test your plan, you can ensure your organization is prepared to navigate any storm and emerge stronger.