Contingency Plan Objective:
To provide individuals with a documented set of actions to perform in the event of a disaster, enabling information processing to be resumed within critical timescales.
Contingency plans should be formulated to ensure that staff are aware of the steps they would be required to take in the event of a disaster affecting the computer installation.
The format and content of contingency plans should comply with enterprise-wide standards / procedures, form part of a wider business continuity plan and be distributed to all individuals who would require them in case of an emergency. Such individuals should be informed of their responsibilities and equipped to fulfil them.
Plans should include:
· conditions for their invocation
· the critical timescales associated with the business applications supported by the installation
· a schedule of key tasks to be carried out, responsibilities for each task and a list of services to be recovered, in priority order
· information security controls applied during the recovery process
· arrangements for processing from last successful back-up to time of disaster and then to resumption of normal service
· provisions for the clearance of any processing back-logs that may have built up during the system outage
· resuming processing using alternative facilities
· procedures specified in sufficient detail to be followed by individuals who do not normally carry them out.
Source: ISF Section IP7 - Service Continuity
If there is a serious interruption to information processing, for example if a disaster occurs, the computer installation may be unavailable for a prolonged period. Considerable forethought is required to enable information processing to continue in these circumstances and to keep the business impact to a minimum. Accordingly, this area covers the development and content of contingency plans, and the coverage and validation of contingency arrangements.