contingency planning policy template

8/11/2019 Contingency Planning Policy Template

1/4

Contingency Planning PolicyPolicy Owner Name the person/group responsible for this policys management.

Policy Approver(s) Name the person/group responsible for implementation approval of this policy.

Related Policies List other related enterprise policies both within or external to this manual.

Related Procedures List other related enterprise procedures both within or external to this manual.

Storage Location List the physical or digital location of copies of this policy.

Effective Date List the date that this policy went into effect.

Net Review Date List the date that this policy must undergo review and update.

PurposeContingency plans are used to establish the manner in which information systemswill continue to be operated in the event of a catastrophic failure to the informationsystem or any of its components. Without contingency plans the potential existsthat, should some form of catastrophic failure occur, [Company ABC]will beunprepared to recover from that failure and the unavailability of information

systems will be extended.

ScopeThis Contingency Planning Policy applies to all information systems andinformation system components of [Company ABC]. Specically, it includes

!ainframes, servers and other devices that provide centrali"ed computingcapabilities.

S#$, $#S and other devices that provide centrali"ed storage capabilities.

%es&tops, laptops and other devices that provide distributed computingcapabilities.

'outers, switches and other devices that provide networ& capabilities.

(irewalls, )%P sensors and other devices that provide dedicated securitycapabilities.

Policy*. Contingency plans will outline contingency roles and responsibilities as well as

indicate the individuals assigned to those roles and responsibilities andappropriate contact information for those individuals. Where appropriate,plans will be integrated with related plans +usiness Continuity Plan, %isaster'ecovery Plan, )ncident 'esponse Plan, etc.-.

. )ndividuals assigned to outlined contingency roles and responsibilities will betrained in contingency operations within [indicate frequency suggest 30days]of appointment to the contingency response team and thereafter within[indicate frequency suggest 30 days]of revision of the contingency plan.Where appropriate, plans will be integrated with related plans +usinessContinuity Plan, %isaster 'ecovery Plan, )ncident 'esponse Plan, etc.-.

/. Contingency plans will be tested [indicate frequency suggest quarterly]through the use of table top exercises, [indicate frequency suggest annually]through the use of simulation tests, and [indicate frequency suggest every

1


2/4

three years]through the use of a full0scale test. Where appropriate, tests willbe integrated with testing of related plans +usiness Continuity Plan, %isaster'ecovery Plan, )ncident 'esponse Plan, etc.- where such plans exist. Theresults of these tests will be documented, shared with &ey sta&eholders.

1. Contingency plans will be reviewed and, where applicable, revised on an

[indicate frequency suggest annually]basis. 'eview will be based upon thedocumented results of previously conducted tests or live executions of thecontingency plan. 2pon completion of plan revision, updated plans will bedistributed to &ey sta&eholders.

Procedure !Contingency planning can incorporate a number of di3erent types of plans. [Company

ABC]must complete the following before commencing plan construction

Conduct a usiness )mpact #nalysis

o )dentify critical )T resources

o )dentify disruption impacts

o %etermine allowable 'ecovery Time and 'ecovery Point ob4ectiveso %evelop recovery prioriti"ation schedules.

)dentify )n0Place and 'e5uired Preventative !easures

%evelop a 'ecovery Strategy

%ocument the Plan

Procedure "(or e6cient operations of the contingency plan, individuals with understanding of,and training in, contingency operations are re5uired

)dentify Contingency 'esponsibilities

#ssociate 'oles and Personnel with )dentied 'esponsibilities

%evelop, Publish and !aintain #ppropriate Contact )nformation for

Contingency Personnel

uild and %eliver a Contingency 'esponse Training Program

Procedure #To ensure the applicability of the plan and to verify that the plan can be acted uponas created, periodic testing is re5uired

%ene Tests and Testing !ethodologies

o )dentify systems and system components to be tested

o )dentify test types to be used

7xecute Tests 'eview Test 'esults and Ta&e Corrective #ction

8nce the test has been completed, the results should be reviewed to see if

the contingency plan accurately re9ects the needs of [Company ABC]or if anad4ustment is re5uired.

Non$Co%pliance

2


3/4

:iolation of any of the constraints of these policies or procedures will beconsidered a security breach and depending on the nature of the violation,various sanctions will be ta&en

# minor breach will result in written reprimand.

!ultiple minor breaches or a ma4or breach will result in suspension.

!ultiple ma4or breaches will result in termination.

3


4/4

Revision &istory'ersion Cange Autor Date of Cange

nfo!"ech #esearch $roup tools and template documents are provided for the free and unrestricted use of subscribers to nfo!"ech #esearch$roup services. "hese documents are intended to supply general information only% not specific professional or personal advice% and are notintended to be used as a substitute for any &ind of professional advice. 'se this document either in whole or in part as a basis and guide fordocument creation. "o customi(e this document with corporate mar&s and titles% simply replace the nfo!"ech nformation in the )eader and

*ooter fields of this document.

+

contingency planning policy template

Documents