What is the final stage of the business impact analysis when using the NIST SP 800-34?
What is a contingency plan?
A contingency plan is a course of action designed to help an organization respond effectively to a significant future incident, event or situation that may or may not happen.
A contingency plan is sometimes referred to as "Plan B" or a backup plan because it can also be used as an alternative action if expected results fail to materialize. Contingency planning is a component of business continuity (BC), disaster recovery (DR) and risk management. Contingency planning and technology DR plan development are closely related concepts. The National Institute of Standards and Technology (NIST) standard for IT disaster recovery planning includes contingency in its title. Over the years, the contingency planning process has been connected to other types of business-readiness plans based on standards developed around the world. These standards address issues related to BC, incident response (IR), cybersecurity, continuity of operations, critical infrastructure, crisis communications, emergency response, natural disaster response and organizational resilience. Organizational resilience has evolved over the past couple decades, and some experts view it as an umbrella term for contingency plans and the other plan types discussed here.
Example of a contingency plan
A contingency plan can focus on one specific part of an organization's operations. For example, it can be the measures taken to back up all critical data. Another example would be work-from-home provisions put in place in case a facility is out of commission. The COVID-19 pandemic demonstrated to many organizations the importance of having comprehensive contingency plans in place across an organization prior to an unplanned event. Companies with adequate plans were able to react faster when the pandemic started to escalate.
7 steps of a contingency plan
Contingency planning standards include a framework and structure for plan design and development. The plan structure is a repeatable format that simplifies the development of contingency and other plans. A popular IT contingency plan model is defined in NIST SP 800-34 Rev. 1 (2010), "Contingency Planning Guide for Federal Information Systems." It includes the following seven steps:
Other elements of a contingency plan
In accordance with current domestic and international standards, the following activities are also recommended for contingency plan development:
Business continuity vs. business contingency plans
The terms business continuity and business contingency are often used interchangeably. However, they differ in the following ways.
Business contingency. A business contingency plan is activated soon after the initial event occurs and the IR team has made its initial assessments and determinations. The contingency plan is used to get specific team members involved in mitigation efforts. These people make short-term decisions regarding how the incident can be managed and resolved.
Business continuity. If contingency planning activities are insufficient to restore business operations, it may be necessary to declare a disaster and launch a longer-term business continuity plan as well as a technology disaster recovery plan. BC plans are designed to facilitate the recovery and resumption of business activities to as close to normal operations as possible.
Benefits of contingency plans
When a disruptive or negative event occurs, contingency plans provide a structure for assessment and actions to recover from such unexpected events. The faster the recovery, the less potential there is for damage to occur to the organization and its employees. Speed in recovery also helps maintain a company's financial status, competitive position and reputation.
This was last updated in May 2022.
What are the NIST SP 800-34 Rev. 1 seven steps of contingency planning?
NIST's 7-Step Contingency Planning Process:
1. Develop the contingency planning policy statement.
2. Conduct the business impact analysis (BIA).
3. Identify preventive controls.
4. Create contingency strategies.
5. Develop an information system contingency plan.
6. Ensure plan testing, training, and exercises.
7. Ensure plan maintenance.
What are the steps in a business impact analysis?
Five Phases of a Business Impact Analysis:
1. Preparation. Before you can start your business impact analysis, you'll need to form a project team that will carry out your business impact analysis.
2. Information Gathering.
3. Information Review and Analysis.
4. BIA Report Creation.
5. Business Impact Analysis Recommendation Implementation.
Why is the NIST 800-34 important to the creation of a contingency plan?
NIST Special Publication 800-34, Contingency Planning Guide for Information Technology (IT) Systems provides instructions, recommendations, and considerations for government IT contingency planning. Contingency planning refers to interim measures to recover IT services following an emergency or system disruption.
What are the three key outputs of the BIA process?
The BIA quantifies the impacts of disruptions on service delivery, risks to service delivery, and recovery time objectives (RTOs) and recovery point objectives (RPOs).