Every business and organization can experience a serious incident that can prevent it from continuing normal operations. This can range from a flood or fire to a serious computer malfunction or Information Security incident. The management of the organisation have a responsibility to recover from such incidents in the minimum amount of time, with minimum disruption and at minimum cost. This requires careful preparation and planning.

Contingency Planning for the Small Enterprise

The Starting Point

It is vital that the organisation takes the development and maintenance of the disaster recovery or business continuity plan seriously. It is not one of those tasks that can be left until everyone has time to deal with it. A serious incident can affect the organisation at any time and this includes the next 24 hours!

Impact Assessment

One of the first contingency planning tasks to be undertaken is to prepare a comprehensive list of the potentially serious incidents that could affect the normal operations of the business. This list should include all possible incidents no matter how remote the likelihood of their occurrence.

Develop the Plan

Once the assessment stage has been completed, the structure of the plan can be established. The plan will contain a range of milestones to move the organization from its disrupted status towards a return to normal operations.

Testing the Plan

Once this plan has been developed it must be subjected to rigorous testing. The testing process itself must be properly planned and should be carried out in a suitable environment to reproduce authentic conditions in so far as this is feasible.

Personnel Training

This stage is dependent upon the development of the plan and the successful testing and audit of the plans activities. It is necessary that all personnel must be made aware of the plan and be aware of its contents and their own related duties and responsibilities.

Maintaining the Plan

The plan must always be kept up to date and applicable to current business circumstances. This means that any changes to the business process or changes to the relative importance of each part of the business process must be properly reflected within the plan.