See 5. Authorize

36. Contingency plan doc.doc

Way 36. Contingency Plan

A contingency plan is a plan which is executed when an unavoidable emergency occurs in order to limit the negative effects of that emergency. However, it is not designed to prevent an emergency, but to minimize damage caused by an emergency. Because no organization wants to have its organization, resources or finances negatively affected, it is eager to do something about these effects. Contingency planning and the contingency plans are about identifying the possible risks - when a company has a plan to minimize the outcomes caused by these risks it is better prepared for the emergency situation. Contingency planning is very important. A recent example of the fatal consequences of not having a good contingency plan is the tragedy of this year’s Loveparade in Germany, where 21 people died. How this tragedy could happen is explained in a very informative video. Other examples provide information why contingency plans are important for election days or for online business companies.

A good plan is only worth something when developed in advance. Plans that are made up while a situation is developing never work as well as the plans made in advance. In an emergency it is difficult to think of all the possible implications and possibilities. By making a plan before the actual emergency happens an organization can think about possible effects, and have time to define and prepare the best solutions. However, this doesn’t mean a contingency plan should be made too far in advance. An effective contingency plan can only be made when (most) variables and effects are known. A contingency plan made without the right information is not very effective because it cannot respond to a specific situation, since it wasn’t written with the specific situation in mind. A situation has to be known and understood in order to identify and prioritize risks. After that, plans can be made to tackle the effects of these contingencies.

The responsibility question can be divided into two separate realms: the responsibility for writing and sustaining a contingency plan and the formal responsibility for executing and making sure there actually exists a contingency plan. The contingency plan should be made by people with experience in risk assessment and access to information about the organization. The responsibility for this should be in the scope of IT-managers. These managers should be responsible for the contingency plan on a day-to-day basis and should evaluate the plan from time-to-time. The formal responsibility for the decision to write and execute a plan should be on top-management level, e.g. a CEO member.

How to create a contingency plan? A detailed explanation is given here and by the National Institute of Standards and Technology. A simplified version consists of the following steps:

1.Identify the risks

2.Identify the priority of the identified risks.

3.Identify possible solutions for the identified risks.

4.Assign someone who is responsible for the risks and their solutions.

Another recent paper gives information about possible flooding scenarios in the Netherlands and how contingency planning could deal with this risks (ten Brinke, W.B.M., Kolen, B., Dollee, A., van Waveren, H., Wouters, K. - Contingency planning for large-scale floods in the Netherlands (2010) - Journal of Contingencies and Crisis Management 18 (1), pp. 55-69 - PDF).