What is a contingency plan? It is a plan of action that is put in place in the case of an event occuring in the future that would be harmful to the business.
A contingency plan is also known as “Plan B” Or “Back-up Plan”. The saying “Fail to Prepare, Prepare to Fail” comes into truth here. If a company does not have a contingency plan in place they are essentially setting themselves up to fail. Contingency planning is closely tied with risk management and crisis management planning. It should be clear and have detail. You can choose to have a specific plan like an environmental contingency plan or keep it broad to cover all aspects of the organisation. Your contingency plan shouldn’t just be tick the box it should add value to your organisation.
- Importance of a Contingency Plan
- Contingency Planning Process
- Phases of a Contingency Plan
- Contingency Plan Metrics
The Importance of a Contingency Plan
It is great to know what a contingency plan is but even better to know the benefits it can bring to your business. They provide much needed structure in unprecedented times. In more recent years, with cyberattacks and pandemics, businesses are learning the importance of “Back-up” plans. According to Statista, 49% of businesses in the UK in 2018 had an effective contingency plan in place to deal with the most disruptive breach or attack.
A contingency plan does take a lot of time but it is invaluable to your organisation when unexpected events occur. Whether the issue is big or small, a well-structured plan will make solving the problem much easier and faster. A few benefits of having a plan in place are;
Increased Reaction Time
The speed at which your organisation recovers from a disturbance, whether major or minor, will determine your place among the competition and the size of the financial loss that is endured. A plan allows you to react faster to unexpected events therefore minimizing the impact it has on your organisation. Time isn’t wasted delegating roles and figuring out how to tackle the problem as it has already been practised beforehand.
Having a backup plan for all your organisation’s operations will ensure that they are safe in any eventuality. Resources are vital to the everyday running to a business so it is important that they are taken care of.
A cyberattack on your organisation could potential cause databases to be wiped out and client information to be leaked, both are highly serious and could cause long delays for the business. This would give the organisation a very bad reputation for being unorganised and they may lose customers as a result.
Panicking makes a problem worse and thinking rationale goes out the window in times of trouble. Having a “Plan B” at your disposal makes sure that problems are solved in the most efficient way. When people have practised the procedures they will be more confident in taking on the problems that occur unexpectedly.
As previously discussed, an attack on your IT systems could cause client information to be leaked. This would be a severe breach of GDPR and could end with the company being sued. If a back-up plan was put in action in order to combat such attacks this would reduce financial costs such as fines, lawsuits, loss of clients, replacement of equipment and so on.
Ensures the Continuity of the Business
A back-up plan helps an organisation to recover from an unexpected event. If there is less time spent in mitigating the problem the business won’t be hit with a huge financial price to pay. Unexpected events that cannot be solved quickly drain a companies time and finances and could cause an organisation to eventually cease operation.
What is a Contingency Planning Process
Now that we have answered “What is a contingency plan?” the next thing to know is what is the process involved in creating one. A contingency planning process is the set of steps that are followed in order to create a successful and realistic plan. Let’s look at an example of how you would go about creating your own.
Step 1: Identify what are the key and critical functions of the organisation. Ask yourself “could the business cope without X,Y,Z?” If the answer is no these become your businesses critical functions.
Step 2: Once you have recognised the key functions of the organisation you must then identify the risks that may impact the businesses functions.
Step 3: Now that you know the risks that may occur on your organisation’s critical operations you need to prioritise them with ones that are more likely to occur at the top and ones that have a very low probability of occuring at the bottom.
Step 4: Once you have identified the potential risks to your business you can then begin creating the actual contingency plan itself. For every risk that you have spotted you need to have a plan in place to counteract it.
Step 5: It is important clearly specify who is in charge if an incident occurs and what exact role they’ll play by appointing leaders to specific issues. This will ensure that the procedure will run smoothly and there’ll be no confusion around who does what.
Step 6: What good is a plan that doesn’t work? It is vital that you do a run-through of the plan with everyone involved in the organisation, especially running through high risk scenarios. This will allow everyone to feel more confident at following the contingency plan in a real-life situation and will also expose any flaws in the plan.
Step 7: Do not forget about your contingency plan. An organisation’s key operations may change from time to time therefore your “back-up” plan should change with it and be updated continuously. For example, the impact of Covid-19 would have been added to many organisations contingency plans at the beginning of 2020.
Phases of a Contingency Plan
An incident you have prepared for in your contingency plan has occurred. Here are a few steps to follow to ensure you get the most out of your plan. We will use the example of IT systems breaking down due to a cyberattack to demonstrate this.
- Notify all members of the organisation of the incident that has occured. The database and IT team leaders should be notified first so they can begin putting the contingency plan in place as soon as possible.
- All IT systems should be updated and backed-up. If the organisation strictly follows their contingency plan the procedure will be much quicker. The IT team will reboot the systems in order to get operations running again.
- Work resumes as usual with less disruptions caused due to the efficiency of the contingency plan being in place and minimal work is lost on IT systems.
- After a contingency plan has been put into real-life practice it is important to review what went well and what needs work in the plan. This is the best way to spot improvements needed and to make amendments to the plan. In this example, not everyone may have had their computers backed-up therefore lost progress and time in trying to recover their work. In order to prevent this in the future management should ensure that a weekly backup is done on systems.
Contingency Plan Metrics
Companies use many different types of metrics to measure the recovery time in an unexpected even. Two of the most used metrics would be RTO and RPO.
RTO-Recovery Time Objective-This metric measures the maximum time it should take for the organisation to resume normal operations after an unexpected event. An organisation might give themselves a RTO for 10 hours to recover non-critical data that has been lost as it doesn’t have a serious impact on the businesses day-to-day operations.
RPO-Recovery Point Objective-This metric allows you to see how the maximum amount of data your organisation can afford to lose without it having an impact on your business. An organisation may give themselves a RPO of 2 hours to recover important data that has been subject to a cyberattack as the longer it takes the bigger the impact it will have on the business.
A contingency plan is without a doubt an invaluable asset to your orginatiation. They can be time-consuming to make but when done properly your plan will save your organisation time in the future if an unexpected event occurs. Whether you use your plan or not it will be an investment you will not regret.