Contingency planning is a component of all risk management business strategies, including continuity and disaster recovery.
A business contingency plan is an essential tool to help a business respond effectively to a future potential risk event.
It is usually developed if there’s a possible high consequence (impact) or high-risk profile (impact and likelihood). It can also be used as an alternative for action, i.e. a Plan B, if the expected result, possibly an opportunity, fails to materialise.
By having a well-thought-out business contingency plan in place, businesses can be better prepared to manage any unexpected challenges or a natural disaster that may come their way, including emergency response.
The Seven Steps of the Contingency Planning Process:
1. The Contingency Planning Statement
A formal policy is necessary to develop an effective contingency plan. The policy provides the authority and guidance required to create a contingency plan and ensure it meets the needs of the business. The policy should be reviewed and updated regularly to ensure that it remains relevant and responsive to the company’s changing needs.
2. Conduct the Business Impact Analysis
A Business Impact Analysis (BIA) is a systematic process used to identify and assess the potential effects of disruptions to essential business operations. A BIA aims to help organisations prioritise systems and processes critical to supporting the business functions.
BIAs are typically conducted as part of business risk management or business continuity planning. They involve identifying the business’ key products, services, and processes and assessing the potential impacts of disruptions or an unexpected event.
The results of a BIA can help a business make informed decisions about where to allocate resources for risk control and mitigation and business continuity planning.

3. Identify Preventive Controls
Business disruptions can significantly impact the profitability and cash flow of any business.
To reduce these effects, various measures can be taken to improve system performance and reduce contingency life cycle costs. By taking such steps, organisations can keep their systems running smoothly and efficiently while also saving money in the long run.
4. Create Contingency Plan Recovery Strategies
Recovery strategies that are thorough ensure that the system can be quickly and effectively recovered following a disruption. This is important to avoid any further damage or downtime. By having a plan in place, you can minimise the impact of a disturbance and get the business system up and running again as soon as possible.
5. Develop the Contingency Plan
The contingency plan should contain detailed guidance and procedures for restoring the business or business system unique to consequence (impact) level and recovery requirements. This will ensure that the system can be restored correctly in the event of an issue and that business functions critical to the business are not lost or minimised.
6. Testing, Training and Exercises
Testing validates disaster recovery capabilities and ensures that the plan will work as intended.
Training prepares recovery personnel for plan activation, familiarising them with the steps they need to take and the procedures they need to follow.
Exercising the plan identifies planning gaps and allows for improvements before the contingency plan needs to be put into action.
When all three are combined, these activities improve plan effectiveness and organisational preparedness.
7. Contingency Plan Maintenance
The contingency plan should be a living document that is updated regularly to remain current with business enhancements and organisational changes.
This will help to ensure that the contingency plan remains relevant and up-to-date and can be used as an effective tool for managing the business or a system.