business continuity plan vs business contingency plan

• Organizations
• Planning & Activities
• Product & Services
• Structure & Systems
• Career & Education
• Entertainment
• Fashion & Beauty
• Political Institutions
• SmartPhones
• Protocols & Formats
• Communication
• Web Applications
• Household Equipments
• Career and Certifications
• Diet & Fitness
• Mathematics & Statistics
• Processed Foods
• Vegetables & Fruits

Difference Between Business Continuity and Contingency Plan

• Categorized under Business | Difference Between Business Continuity and Contingency Plan

Minor and major disruptions must be avoided at all costs for business survival. Most events that can cripple business operations are non-predictable including terrorist attacks, cyber-attacks and natural disasters including floods, earthquakes and fires. These cost businesses money, time, customer loyalty and market share. Since no one can predict future events and the ability of businesses to resume normal business functions, companies must hence put in place measures to ensure that businesses continue running even after these unfortunate events occur. Among these measures include business continuity plans and contingency plans. 

What is Business Continuity?

This is the ability of businesses to carry out their normal activities and function after unplanned events have occurred. These events could be a pandemic, a business crisis, natural disasters or even workplace violence.  Businesses should not only plan and prepare for major disruptions that will completely affect business operations but also events that could adversely affect functions and services. 

 A business continuity plan may entail but is not limited to: 

• The team that will manage emergency events
• Measures to ensure services and customers are availed to customers
• Employee support measures 
• Technological measures to restore business functions
• Where to relocate people and processes in case business locations cannot be used
• Measures to ensure staffing levels are adequate in the case of an unprecedented event

Among events that a business continuity plan will guard against include;

• Natural and local disasters- These include fires, electronic malfunction, earthquakes and floods
• Network disruptions- This is important for businesses that need a reliable connectivity to operate
• Cybersecurity- Due to the rise of cybersecurity threats, businesses should ensure all data is backed up 
• Human error- Outages can be caused as a result of innocent mistakes and ignorance, and should be mitigated 

What is Contingency Plan?

A contingency refers to activities or events that occur beyond the normal range of organizational operations. A contingency plan can, therefore, be defined as an actionable and defined plan that will be enacted if an identified business risk or unfortunate event occurs. Contingency plans are part of risk management and can be created for identified or non-identified risks. It can also be created to take advantage of strategic opportunities. 

A contingency plan is not only a need for large businesses as small to medium businesses can also be crippled by unforeseen events. They can also be tailored to specific departments. For instance, the need to protect, restore and use data in an organization may require an information services department contingency plan. 

Importance of contingency plans

• Allow organizations to resume normal business functions as fast as possible after an unforeseen event has occurred
• Minimizes consumer inconveniences
• Identification of staffing needs in the context of recovery

A good contingency plan should include;

• Natural disasters such as earthquakes, fires and hurricanes
• Crisis including worksite injuries and accidents
• Personnel such as strikes and employees deaths
• Product issues such as plan relocations
• Mismanagement such as accidental destruction and theft

The process of developing a contingency plan involves the identification of essential business operations and sectors and determining how these processes can be affected by the occurrence of unforeseen events. Actions that would be needed to return these to normal operations should be identified and documented, including the resources that would be needed for this. A good contingency plan incorporates each functional area in an organization  

Similarities between Business Continuity and Contingency plan

• Both entail enforcing measures for businesses to operate even after unprecedented events have occurred

Differences between Business Continuity and Contingency plan

Business continuity refers to the ability of businesses to carry out their normal activities and function after unplanned events have occurred. On the other hand, a contingency plan refers to an actionable and defined plan that will be enacted if an identified business risk or unfortunate event occurs. 

While business continuity is based on the concept of business survival after the occurrence of unprecedented events, contingency planning is based on the concept of preparation of all types of disruptions and steps that should be followed when these disruptions occur. 

Business continuity vs. Contingency plan: Comparison Table

 Summary of Business Continuity vs. Contingency Plan

Business continuity refers to the ability of businesses to carry out their normal activities and function after unplanned events have occurred. It is based on the concept of business survival after the occurrence of unprecedented events. On the other hand, a contingency plan refers to an actionable and defined plan that will be enacted if an identified business risk or unfortunate event occurs. It is based on the concept of preparation of all types of disruptions and steps that should be followed when these disruptions occur. 

Related posts:

• Recent Posts
• Difference Between Profit Center and Investment Center - July 2, 2022
• Difference Between Anti-Trust and Anti-Competition - June 6, 2022
• Difference Between Stocktaking and Stock Control - June 6, 2022

Sharing is caring!

• Pinterest 2

Search DifferenceBetween.net :

• Difference Between Business Continuity and Business Resilience
• Difference Between Business Continuity Plan and Disaster Recovery Plan
• Difference Between Business Continuity and Disaster Recovery
• Difference Between BCP and DR
• Difference Between a 504 Plan and an IEP

Cite APA 7 Njogu, T. (2020, July 14). Difference Between Business Continuity and Contingency Plan. Difference Between Similar Terms and Objects. http://www.differencebetween.net/business/difference-between-business-continuity-and-contingency-plan/. MLA 8 Njogu, Tabitha. "Difference Between Business Continuity and Contingency Plan." Difference Between Similar Terms and Objects, 14 July, 2020, http://www.differencebetween.net/business/difference-between-business-continuity-and-contingency-plan/.

Leave a Response

Name ( required )

Email ( required )

Please note: comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Notify me of followup comments via e-mail

References :

Advertisments, more in 'business'.

• Difference Between Eco Efficiency and Eco Effectiveness
• Difference Between Uber and Uber Eats
• Difference Between Competitive Advantage and Sustainable Competitive Advantage
• Difference Between Uber Eats and DoorDash
• Difference Between Development and Sustainable Development

Top Difference Betweens

Get new comparisons in your inbox:, most emailed comparisons, editor's picks.

• ASQ® CQA Exam
• ASQ® CQE Exam
• ASQ® CSQP Exam
• ASQ® CSSYB Exam
• ASQ® CSSGB Exam
• ASQ® CSSBB Exam
• ASQ® CMQ/OE Exam
• ASQ® CQT Exam
• ASQ® CQPA Exam
• ASQ® CQIA Exam
• 7 Quality Tools
• Quality Gurus
• ISO 9001:2015
• Quality Cost
• Six Sigma Basics
• Risk Management
• Lean Manufacturing
• Design of Experiments
• Quality Acronyms
• Quality Awareness
• Quality Circles
• Acceptance Sampling
• Measurement System
• APQP + PPAP
• GD&T Symbols
• Project Quality (PMP)
• Full List of Quizzes >>
• Reliability Engineering
• Statistics with Excel
• Statistics with Minitab
• Multiple Regression
• Quality Function Deployment
• Benchmarking
• Statistical Process Control
• Quality Talks >> New
• Six Sigma White Belt
• Six Sigma Yellow Belt
• Six Sigma Green Belt
• Six Sigma Black Belt
• Minitab 17 for Six Sigma
• Casio fx-991MS Calculator
• CSSYB/LSSYB Mock Exam
• CSSGB/LSSGB Mock Exam
• CSSBB/LSSBB Mock Exam
• ASQ® CQA Preparation
• ASQ® CQE Preparation
• ASQ® CQPA Preparation
• ASQ® CQIA Preparation
• CQE Mock Exams
• CMQ/OE Mock Exams
• CQA Mock Exams
• CQIA Mock Exams
• CQPA Mock Exam
• Design of Experiments (DoE)
• Measurement System Analysis
• Statistics Using R
• Data Visualization with R
• Statistics Using Python
• Regression with Minitab
• Data Analysis Using Excel
• The Git Mindset
• Statistics Quiz
• Root Cause Analysis
• Kano Analysis
• Lean Management
• QMS Lead Auditor
• Quality Management
• ISO 9001:2015 Transition
• Understand Business Continuity, Resiliency, and Contingency Planning

** Unlock Your Full Potential **

This blog post will cover the basics of Business Continuity Planning, Resilience, and Contingency Planning. All three concepts are essential, and focusing on just one area alone isn't enough.

Business Continuity Planning (BCP) is a process of identifying potential risks to a company's operations, developing strategies to mitigate those risks, and implementing those strategies into regular business practices. It helps companies manage their risk by preparing for the unexpected.

In an era where natural disasters are increasing in frequency and intensity, people need to plan ahead to avoid major disruptions that could impact the organization's financial position or cause physical property damage.

Contingency planning involves anticipating the events that may occur and what actions might need to be taken in response (Disaster Recovery Plan). The goal is to ensure that you take all necessary steps to protect employees, information, resources and assets from the effects of an event. Examples: Fire, flood, strike, earthquake, war, outages, cyber-attack, terrorist attack, pandemics, etc.

Resilience refers to the ability of an organization to continue operating effectively during times of uncertainty or adversity. It is the ability of business operations to adapt and respond to internal or external dynamic changes rapidly. Resilient organizations can recover more quickly than non-resilient ones because they have built processes that minimize downtime and keep customers happy during disruptions.

IBM White Paper "Resilient infrastructure: Improving your business resilience" defines six blocks of a resilient organization:

• Accessibility
• Diversification
• Autonomic Computing

A Contingency Plan is a plan devised for an outcome other than the usual (expected) plan. Events covered in the contingency plan are not as extreme as the Business Continuity Plan. Examples: Supplier going out of business, bankruptcy, price/currency fluctuations.

The contingency plan is to be implemented only if required. The risk that this type of event will occur is low, and therefore it is essential to keep resources ready to deal with this situation. But it is also possible to overestimate risks and prepare too much - so you don't end up wasting resources on something that never happens.

Similar Posts:

July 19, 2022

Data Automation

December 25, 2022

PDF, CDF and PMF – Probability Distribution Functions

April 28, 2023

Nelson Rules (and Western Electric Rules) for Control Charts

32 Courses on SALE!

The global body for professional accountants

• Search jobs
• Find an accountant
• Technical activities
• Help & support

Can't find your location/region listed? Please visit our global website instead

• Middle East
• Cayman Islands
• Trinidad & Tobago
• Virgin Islands (British)
• United Kingdom
• Czech Republic
• United Arab Emirates
• Saudi Arabia
• State of Palestine
• Syrian Arab Republic
• South Africa
• Africa (other)
• Hong Kong SAR of China
• New Zealand
• Apply to become an ACCA student
• Why choose to study ACCA?
• ACCA accountancy qualifications
• Getting started with ACCA
• Careers in accountancy
• ACCA Learning
• Register your interest in ACCA
• Learn why you should hire ACCA members
• Why train your staff with ACCA?
• Recruit finance staff
• Train and develop finance talent
• Approved Employer programme
• Employer support
• Resources to help your organisation stay one step ahead
• Support for Approved Learning Partners
• Becoming an ACCA Approved Learning Partner
• Tutor support
• Computer-Based Exam (CBE) centres
• Content providers
• Registered Learning Partner
• Exemption accreditation
• University partnerships
• Find tuition
• Virtual classroom support for learning partners
• Find CPD resources
• Your membership
• Member networks
• AB magazine
• Sectors and industries
• Regulation and standards
• Advocacy and mentoring
• Council, elections and AGM
• Tuition and study options
• Your study options
• Study support resources
• Practical experience
• Our ethics modules
• Student Accountant
• Regulation and standards for students
• Completing your EPSM
• Completing your PER
• Apply for membership
• Skills webinars
• Finding a great supervisor
• Choosing the right objectives for you
• Regularly recording your PER
• The next phase of your journey
• Your future once qualified
• Mentoring and networks
• Advance e-magazine
• An introduction to professional insights
• Meet the team
• Global economics
• Professional accountants - the future
• Supporting the global profession
• Download the insights app

Can't find your location listed? Please visit our global website instead

• Internal audit
• Our webinars and other resources
• Back to Our webinars and other resources

Understanding emergency, contingency and business continuity plans

Examining the nuances between business continuity planning, disaster recovery and resilience..

I am often asked the difference between emergency, contingency and business continuity plans? The answer is that the very act of working through the process of planning for unwanted events, whatever they may be, is the most important factor. However, there are key nuances between each which, if not addressed, can seriously jeopardise businesses ability to operate.

Unequivocally, emergency plans are required where we need a response by one or more of the emergency services. Emergencies, by definition, are events which tend to happen quickly, rapidly getting worse e.g. a small unchallenged fire, can grow significantly. However, on invocation of the plan, the situation stabilises and then sees a gradual improvement.

Contingency plans are similar, where the event happens suddenly and can get rapidly worse. However, they do not require the attendance of the emergency services e.g. IT outages. Examples where a contingency plan could be required include, but not limited to:

• loss of power
• industrial action
• loss of IT.

Similarly, the event stabilises and gradually improves. However, both of these examples last a relatively short time span; possibly a few hours or in the worst cases, days. Rarely do we see protracted emergencies or crises. Conversely, the recovery time for business as usual to be restored, can be weeks, months or even years. Yet, much time is spent planning for ephemeral emergency or crisis events and relatively little time on recovery. This incongruous nature of planning, can lead to the potential long term damage of the business.

Disasters    

The 1980s was known as the ‘decade of disaster’. The second half of the eighties was a particularly catastrophic period in the UK, with incidents such as those shown in table 1:

The main concern around that period was that emergency planning legislation dated back to the Emergency Powers Act 1920. Emergency planning in the UK was focused on the cold war, concerning a nuclear attack. Following cessation of the cold war, the planning assumptions had to be changed immeasurably to address more modern day risks e.g. terrorism, climate change and the increased use of IT.

The Civil Contingencies Act 2004 replaced the outdated legislation and for the first time, legislation put a mandatory requirement on emergency responders to take account of business continuity to ensure that the emergency services could keep functioning when faced with unwanted events such as flooding of their premises. Moreover, the legislation also put statutory requirements on local authorities to provide guidance to local businesses on business continuity, especially small to medium enterprises.

This was an important aspect as, it is widely reported that following the Irish Republican Army (IRA) bombing in Manchester in 1996, around half of the businesses who did not have suitable plans in place, failed to exist within the following twelve months. Consequently, business continuity planning is a vitally important aspect of running any business, no matter how large or small.

In 2018 there were two unrelated major fires in Glasgow city centre which directly affected businesses in close proximity to the premises. The state of the structural integrity of the buildings meant that exclusion zones around the premises completely stopped access for the business owners and their customers for a protracted period.  

Where an individual is personally impacted they can clearly see this as a disaster. This is especially so where there is death within friends and family. However, the word disaster is often maligned e.g. ‘my hair is a disaster’ or ‘my dinner party was a complete disaster’ so when is a disaster actually a disaster? A disaster is a very personal thing!

The ‘Bradford Disaster Scale’ is utilised to determine when an event is officially a disaster. However, this is rarely used and in the world of 24/7 worldwide news coverage, it is the media who tend to declare when an event or incident is a disaster. This is not based on any algorithm or other model, but sensationalism, in an attempt to sell more newspapers.

Therefore, if we look back in history and even in more recent times, we find it littered with examples of organisations who failed to plan for the unexpected and ended up going out of business. The trick, obviously, is to convert what we know (hindsight), into what could potentially happen in the future (foresight) and to plan accordingly on what could potentially happen.

Clearly, only an emergency can lead to a disaster; however, not all events are designated as a disaster. Therefore, there is a need to identify the risks to the business – what can go wrong, how can it go wrong and what will happen if it does go wrong. Indeed, we can also argue that something seen as a risk to one person or organisation may indeed be an opportunity for others. Those businesses who plan accordingly, can readily identify the business opportunities open to them.

Resilience is an interesting turn of phrase which has become increasingly more used in modernity. We have heard the word utilised a great deal more over the past decade, by organisations such as the BBC News channels.

Therefore, what does ‘resilience’ mean and why is it becoming more widely used? A useful working definition taken from the English Oxford Living Dictionary is ‘the capacity to recover quickly from difficulties; the ability of a substance or object to spring back into shape (elasticity)’. We can, therefore, deduce, that resilience and business continuity planning are intrinsically linked and that careful planning and preparation can assist in achieving a resilient organisation.

International standards such as ISO 22301 are useful tools for organisations to assist in the planning and execution of a resilient organisation. ISO 22301 sets out a valuable framework to assess the impact that having a crisis event would have on the organisation. Whilst risk is a key component of the process, the focus is mainly on managing the consequences of crisis events and for restoring normality within a set timescale, or indeed, defining a new normality. 

Failing to plan for crisis situations could easily lead to a failure of the business. It is, therefore, essential that businesses identify their vulnerabilities including loss of IT and to plug any gaps before it is too late. Every day, we should think…what would we do right now if x,y or z happened? If you cannot answer that question, then you need a plan.

Too many organisations and indeed, senior executives and board members, have misconceptions around business continuity, disaster recovery and resilience, all of which are in essence the same thing. Consequently, it is time to ensure that the following words are wiped from the vocabulary: 

• ‘It won’t happen to us’
• ‘We will cope, we always do’
• ‘We are too big a company to fail’.

Do so at your peril!!!

Gillies Crichton. MSc. GIFireE. MBCI. SIRM – group head of assurance for AGS Airports Limited, based at Glasgow Airport

• ACCA Careers
• ACCA Career Navigator
• ACCA Learning Community
• Your Future
• ACCA-X online courses

Useful links

• Make a payment
• ACCA Rulebook
• Work for us
• Supporting Ukraine

Using this site

• Accessibility
• Legal & copyright
• Advertising

Send us a message

Planned system updates

View our maintenance windows

Business Continuity vs. Disaster Recovery: 5 Key Differences

Fill out the form below and we’ll email you more information about UCF’s online Leadership and Management programs.

• Name * First Last
• Degree * Career and Technical Education, BS Career and Workforce Education, MA College Teaching and Leadership Corrections Leadership Destination Marketing and Management Educational Leadership, MA Emergency and Crisis Management, MECM Engineering Management, MS Event Management Health Informatics and Information Management, BS Health Services Administration, BS Hospitality Management, BS Industrial Engineering, MSIE Lifestyle Community Management, BS Local Director of Career & Technical Education Lodging and Restaurant Management, BS Master of Public Administration, MPA Nonprofit Management Nonprofit Management, MNM Police Leadership Project Engineering Public Administration
• Phone This field is for validation purposes and should be left unchanged.

Privacy Notice

Many professionals operate under the assumption that their workplace will remain largely unchanged from one day to the next, finding comfort in rhythms and routines. Sometimes, however, events disrupt business as usual. A critical aspect of leadership is preparing for those interruptions, creating strategies and plans that can keep core business functions intact even under duress.

Two specific fields address potential business interruptions: business continuity and disaster recovery. These disciplines minimize the impact that a catastrophic event might have on a business’s ability to reliably deliver its products and services.

While both fields are important, and even similar in some aspects, they are not synonymous. There are important differences in business continuity vs. disaster recovery, and those in leadership or emergency preparedness roles can benefit from understanding the core distinctions.

One way to develop a clear understanding of business continuity vs. disaster recovery is through studying emergency management. An online program in this field can offer professionals the skills needed to successfully lead companies through different kinds of crises.

Why Business Continuity and Disaster Recovery Matter

Business continuity outlines exactly how a business will proceed during and following a disaster. It may provide contingency plans, outlining how the business will continue to operate even if it has to move to an alternate location. Business continuity planning may also take into account smaller interruptions or minor disasters, such as extended power outages.

Disaster recovery refers to the plans a business puts into place for responding to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime. Disaster recovery involves the measures a business takes to respond to an event and return to safe, normal operation as quickly as possible.

The Importance of Advanced Planning

When businesses face disasters and don’t have the proper plans in place, the effects can be catastrophic. The most obvious effect is financial loss; the longer a business goes without delivering its products and services, the greater its financial losses. Eventually, these losses may force a business to make tough decisions, such as cutting employees. But there can also be technological consequences, including the loss of important or sensitive data.

Having business continuity and disaster recovery plans in place can help companies minimize the consequences of a catastrophic event. They can also provide peace of mind; employees and business owners alike may feel more comfortable in a work setting where there are clear policies for how to respond to disasters.

In many companies, crisis management professionals are responsible for developing and implementing these plans, evaluating and revising them as needed, and training employees to ensure they know how to follow the specified strategies.

Similarities Between Business Continuity and Disaster Recovery

Business continuity planning and disaster recovery planning often seem interdependent. While the two concepts are not the same, they overlap in some areas and work best when developed in tandem.

• Both are proactive strategies that help a business prepare for sudden, cataclysmic events. Instead of reacting to a disaster, both disciplines take a preemptive approach, seeking to minimize the effects of a catastrophe before it occurs.
• Businesses can use both to prepare for a range of ecological and human-made disasters. Business continuity and disaster recovery are instrumental to preparing for pandemics, natural disasters, wildfires and even cyberattacks.
• Both require regular review, and they may sometimes require revision to ensure they match the company’s evolving goals. An emergency management leader will continually test and modify these plans as needed.

Differences Between Business Continuity and Disaster Recovery

A closer look at business continuity vs. disaster recovery reveals some key distinctions. Ultimately, these differences highlight the fact that businesses need to have plans of both kinds in place to be sufficiently prepared for disaster.

• Business continuity focuses on keeping business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster. In other words, the former is concerned with keeping the shop open even in unusual or unfavorable circumstances, while the latter focuses on returning it to normal as expediently as possible.
• Unlike business continuity plans, disaster recovery strategies may involve creating additional employee safety measures, such as conducting fire drills or purchasing emergency supplies. Combining the two allows a business to place equal focus on maintaining operations and ensuring that employees are safe.
• Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster recovery plans limit abnormal or inefficient system function. Only by combining the two plans can businesses comprehensively prepare for disastrous events.
• A business continuity strategy can ensure communication methods such as phones and network servers continue operating in the midst of a crisis. Meanwhile, a disaster recovery strategy helps to ensure an organization’s ability to return to full functionality after a disaster occurs. To put it differently, business continuity focuses on keeping the lights on and the business open in some capacity, while disaster recovery focuses on getting operations back to normal.
• Some businesses may incorporate disaster recovery strategies as part of their overall business continuity plans. Disaster recovery is one step in the broader process of safeguarding a company against all contingencies.

Leadership in Times of Crisis

Crisis management is an important skill for all business leaders. In fact, crisis management draws upon many of the other skills necessary for business success. Analytical and problem-solving skills as well as flexibility in decision making are essential for assessing potential threats and determining how to proactively address them. Communication skills, both verbal and written, are necessary for articulating a plan and training employees on how they should act in response to a crisis.

“Leadership in managing crises can minimize the damage imposed by an incident while lack of effective leadership worsens the impact,” says Naim Kapucu, Pegasus Professor and director of the School of Public Administration at the University of Central Florida (UCF) . “Organizations should have leaders with crisis management competencies to effectively manage disasters and crises based on the contingencies and environmental and organizational factors.”

Crisis management skills matter because any company can experience a catastrophe that limits its ability to function as normal, and often it will have little time to pivot and adapt. “Crises are not a good time to reorganize adequately operating organizational systems, much less try to implement wholesale organizational changes or reforms,” says Kapucu. Having a plan in place, ready to be executed, can make all the difference. The COVID-19 pandemic has brought into stark relief the uncertainty that businesses face and the extreme disruptions that can take place.

Programs such as the University of Central Florida’s online Master of Emergency and Crisis Management can help leaders fortify the knowledge, competencies, and skills they need to help their enterprises weather these times of crisis.

Crisis Management Careers

Crisis management is a key part of several careers. Each of the following positions offers a different level of leadership through tumultuous times.

Emergency Management Director

Emergency management directors develop and execute the plans that businesses follow to respond to natural disasters and other emergencies. Strong analytical, problem-solving, delegation and communication skills are essential. According to the U.S. Bureau of Labor Statistics, the annual median salary for emergency management directors in 2019 was $74,590.

Disaster Program Manager

Disaster program managers may coordinate shelters, manage triage centers or organize other services in the wake of a disaster. These professionals must be skilled in remaining calm under extreme pressure; empathy and understanding are also important. The annual median salary for this role was around $48,000, according to May 2020 PayScale data.

Geographic Systems Information Coordinator

Geographic systems information coordinators use a wide range of data sources, such as land surveys, to help anticipate and prepare for different disasters. Technical skills and data analysis competencies are vital for success in this role. PayScale reports that the annual median salary for these coordinators was around $58,000 as of May 2020.

Emergency Preparedness Manager

Emergency preparedness managers are typically responsible for making sure employees and customers are safe. They may report directly to the emergency preparedness director, whose role is more comprehensive. The annual median salary of emergency preparedness managers was around $69,000 as of May 2020, according to PayScale.

Developing a Career in Emergency Management

Business continuity and disaster recovery plans help businesses prepare for worst-case scenarios; they provide peace of mind, a sense of stability and key safeguards against major loss and disruption. The University of Central Florida’s online Master of Emergency and Crisis Management (MECM) degree program helps professionals prepare for this important work.

The MECM curriculum exposes students to key emergency management skills, including developing, testing and communicating plans. It emphasizes the financial, ethical, political and practical dimensions of disaster response. Find out more about the MECM degree program today and embark on a new career on the front lines of crisis management.

Online Leadership and Management Degrees at UCF

• Career and Technical Education, BS
• Career and Workforce Education, MA
• College Teaching and Leadership
• Corrections Leadership
• Destination Marketing and Management
• Educational Leadership, MA
• Emergency and Crisis Management, MECM
• Engineering Management, MS
• Event Management
• Health Informatics and Information Management, BS
• Health Services Administration, BS
• Hospitality Management, BS
• Industrial Engineering, MSIE
• Lifestyle Community Management, BS
• Local Director of Career & Technical Education
• Lodging and Restaurant Management, BS
• Master of Public Administration, MPA
• Nonprofit Management
• Nonprofit Management, MNM
• Police Leadership
• Project Engineering
• Public Administration

You May Also Enjoy

What Is Contingency Planning? [+ Examples]

Published: January 13, 2023

The COVID-19 pandemic has shown, more than ever, the importance of being prepared with a contingency plan for the unexpected, especially when it comes to business continuity.

While some unexpected interruptions can be due to situations outside of your control, some issues arise that may be caused by internal errors. Unexpected problems can also be positive, like a sudden influx of interest in a new product.

Regardless of the scenario, it's essential to prepare for everything, and contingency planning helps you do so. This post will explain what contingency planning is, outline the steps you can follow to create your own plan, and give examples that you can use for inspiration.

• Contingency Planning
• Business Contingency Plan
• Making a Contingency Plan
• Contingency Plan Timeline
• Contingency Plan Example

Contingency Plan Definition

What is a contingency plan? Simply put, a contingency plan is an action plan designed to help organizations respond to a potential future incident. Think of it as a backup plan, or plan B to guide organizations through a worst-case scenario.

Contingency plans are helpful for all types of organizations, from businesses to non-profits, to government organizations. While these scenarios may never come to fruition, it’s important to have a plan in place so that your team isn’t panicking or scrambling to deal with an unfavorable event at the last minute.

What is contingency planning?

Contingency planning is a proactive process of creating a strategy to help you prepare for any scenario that can affect your business, regardless of the likelihood of its occurrence.

These plans shouldn't focus solely on situations that may harm your business. For example, you may experience a significant increase in revenue during a specific period due to changes in market behavior. This is a good scenario, but you will still need to adapt your operations to scale and appropriately meet the new demands of your growing audience.

Contingency Planning vs. Crisis Management

Contingency planning is also different from crisis management , as it is not a reaction to something that has already happened but more so a plan for if and when something may happen. However, a contingency plan can help you with crisis management when issues arise.

Contingency Planning vs. Risk Management

Risk management is the identification, mitigation, and assessment of potential risks that may affect your organization. This process helps an organization prevent losses before they occur and aids in assessing whether or not certain risks are worth taking. Contingency planning can be a component of risk management since that process helps organizations survive these potential risks.

To ensure your business is prepared for everything, it's crucial to understand how to create a contingency plan.

What is a business contingency plan?

A business contingency plan is a strategy that outlines the steps your business’ teams will take in the event of a crisis occurring. It is essentially the backup plan that goes into action when the worst-case scenario occurs. The goal of your contingency plan is to help your business stay up and running after an issue arises.

Business Continuity Plan vs. Contingency Plan

Although their names vary by few letters, business continuity and contingency plans are different concepts. Continuity is the ability of your business to continue functioning after an incident that has disrupted operations occurs. A contingency plan is an action plan that goes into place if an incident were to happen.

Contingency plans can significantly impact whether your business can achieve continuity. Being able to react and take action during a crisis can dictate whether or not your business can emerge from the other side and continue normal business operations.

You can think of it like this: your continuity plans contain five sections: program administration, governance, business impact analysis, strategies and requirements, and training and testing. If your business also uses contingency plans, it could be part of the strategies and requirements section, which dictates how your business will respond to a crisis if it occurs.

Contingency Planning: How to Make a Business Contingency Plan

Creating a contingency plan is responding to the question of "What if?"

What if your storefront floods? Or what if your supplier goes out of business? The responses to the what-ifs are contingency plans. These scenarios aren't necessarily going to happen, but if there is a possibility that they'll affect your business, you're prepared if they do.

Below we'll discuss the steps that go into contingency planning.

Contingency Planning in 7 Steps

1. identify critical business functions..

This first step is the most important aspect of your planning, as it sets the tone for why your plans need to exist in the first place.

During this phase, identify all critical areas essential to keeping your business up and running every day. As these operations are imperative to success, you need to have plans to ensure that these operations continue, regardless of whatever scenarios arise.

You can think of it like this: these critical areas keep your business up and running on a day-to-day basis. Other areas are important, but these are the main functions that keep you afloat. Given this, you want to be prepared for anything and everything that may happen that can affect the critical areas, whether positive or negative. Contingency planning is exactly that.

Identifying these areas helps you move on to the next step as you begin brainstorming possible scenarios that can impact them.

2. Conduct a scenario assessment.

Once you've identified the critical operations of your business, you'll want to conduct a scenario assessment to identify situations that will affect these functions and put stress on your day-to-day operations.

For example, if your business operates out of a storefront, keeping your storefront up and running is a critical area of your business's success. Maybe you launch a new product that attracts more interest than you thought, and you need to deal with higher in-store traffic and a lack of products to satisfy the market. While it is a positive situation that will draw in more revenue, it can still have negative repercussions for your business if you don't deal with it when it happens.

You can think of this stage as similar to a risk assessment, but the possibilities are positive and negative. It may be helpful to meet with people who work in these critical areas and understand what they think may cause interruptions to their job duties and barriers to their success. Ask them how they feel situations will impact them and how they would deal with each scenario.

If you come up with a long list of threats, you can prioritize them based on their likelihood of occurring and how significant their impact would be on your business.

3. Create contingency plans for each scenario.

During this phase, you'll create contingency plans. Begin with the highest priority "threats," or those most likely to occur and most likely to cause significant stress to your business.

Outline the scenarios, people to inform, and the roles and responsibilities involved parties will have when they respond. We'll go over an example below, but a helpful template to follow can be:

• Outlining the scenario,
• Determine the probability of it occurring,
• Explain how you'll prepare ahead of time,
• Detail what the response will be if and when it happens.

Once you've created your plans, distribute them to key stakeholders in each scenario, so everyone understands what they are responsible for and can prepare ahead of time.

4. Get your plan approved.

Once you’ve come up with a desired plan of action, it’s time to get approval from stakeholders and management. If you’re creating both department-level and company-wide plans, this is especially important. Your plan won’t be a success unless there is buy-in from key members of your team and management. Once all parties agree that the course of action described in the contingency plan works for everyone, you can move forward with confidence.

5. Share the plan with your team.

Once your plan is approved, it’s time to distribute it. Putting it in a shared folder accessible to everyone creates transparency and makes it readily available if the time comes.

Make sure the parties involved know what they’re responsible for in the plan, that way you can execute the plan seamlessly should the worst-case scenario occur.

6. Test your plans.

As with all plans, it's essential to continuously test (more on that in the next section) and update them over time. As businesses scale and change, your business needs will likely change, and specific scenarios will no longer have as significant of an impact. There may also be new scenarios to plan for that you hadn't anticipated or thought of when you were a smaller operation.

It can be helpful to create a timeline that you'll use to spend dedicated periods reviewing your plans, testing them, and communicating with the necessary stakeholders about any changes you've made to the plans.

7. Update your plan as needed.

Consider your contingency plan a work in progress. You’ll need to adapt it as new risks arise and to ensure it still makes sense for your business needs. Whenever a new manager or executive joins the team, be sure to share it with them as needed so they know what (if anything) is expected of them.

Contingency Planning Timeline

As planning is always an involved process, you may be wondering how much time you should devote to each step. Let's discuss a timeline below.

Week One: Identify Key Operations

Give yourself about a week to identify the operational areas essential for business function. You likely already know what these areas are, but you want to do enough research to identify them all.

Weeks Two & Three: Brainstorm Scenarios

Take two to three weeks to brainstorm the scenarios you're going to create plans for. Spend as much time as possible speaking to the necessary stakeholders to understand their ideas about the scenarios and how they'd like them dealt with. You'll want to conduct probability assessments and market research to understand if your competitors have ever dealt with something similar. You want to make sure you have all the necessary information before drafting your plan, so this step should be the longest.

Week Four: Draft Plan

Give yourself a week to draft your plans. The first two steps should give you all the information you need, so the third step is simply fine-tuning your research and creating the final plan. You can also share what you've created with your stakeholders and iterate on what you have based on their feedback.

The final step to creating your plan, maintaining and testing, is a continuous effort. As mentioned above, your business will likely be impacted by different things at different times, so it's always important to review plans and ensure they still relate to your needs. For example, maybe you plan to do quarterly reviews and training so new hires, and existing employees, are all on the same page.

Contingency Planning Example

It may be helpful to have an example of a contingency plan, so we'll go over one below. The examples are of a positive and negative situation, so you can get a sense of how a plan applies to both.

Contingency Planning Mistakes to Avoid

Even with the best intentions, your contingency plan may get off to a rocky start. Here are some common mistakes to avoid when creating one of your own.

Not securing executive buy-in first.

Before you can get your team or department onboard, you must get buy-in from the executive team. Otherwise, you risk creating a doomed plan from the start.

Get their feedback on potential risks and other factors that may impact guidelines in the plan. Having executive support from the start ensures the plan put forth is approved and also can motivate those at the department level to buy-in as well.

Failure to cover multiple scenarios.

When assessing potential risks and scenarios, it’s important not to cut corners or slack. Scenario planning is key to your contingency plan’s success. All potential risks should be taken into account. You can rank them by likelihood, but you should by no means leave less likely events out. Otherwise, you leave yourself vulnerable should the event happen.

Think about how many businesses were affected by supply chain issues during the pandemic. Most probably never predicted such a catastrophe, but the ones that had a plan in place for such an obstacle were better prepared.

Set it and forget it.

It’s really easy to get comfortable once your contingency plan is in place — after all, if you did your due diligence from the start, you’re ready to tackle any obstacle thrown your way.

Unfortunately, it’s not a one-and-done process. A contingency plan should be looked at as a living document and updated as needed. Your business needs will change over time and so will its obstacles and risks.

Create Business Contingency Plan

All in all, contingency plans help you prepare for a host of what-if scenarios, whether they happen or not. As you never want to be caught in a challenging situation, being prepared is the best thing you can do to ensure your business continues to succeed, regardless of whatever happens along the way.

As the saying goes, better safe than sorry .

Editor's note: This post was originally published in November 2021 and has been updated for comprehensiveness.

Don't forget to share this post!

Related articles.

Social Media Crisis Management: Your Complete Guide [Free Template]

De-Escalation Techniques: 19 Best Ways to De-Escalate [Top Tips + Data]

Situational Crisis Communication Theory and How It Helps a Business

What Southwest’s Travel Disruption Taught Us About Customer Service

Showcasing Your Crisis Management Skills on Your Resume

What Is A Business Continuity Plan? [+ Template & Examples]

What Is Reputational Risk? [+ Real Life Examples]

10 Crisis Communication Plan Examples (and How to Write Your Own)

Top Tips for Working in a Call Center (According to Customer Service Reps)

Top 5 Crisis Management Skills for Business Leaders (& How to Apply Them)

Use this contingency plan template to communicate risk, prevention, and mitigation measures in your company.

• Search Search Please fill out this field.
• Business Continuity Plan Basics
• Understanding BCPs
• Benefits of BCPs
• How to Create a BCP
• BCP & Impact Analysis
• BCP vs. Disaster Recovery Plan

Frequently Asked Questions

• Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

• Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
• BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
• BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

• Determining how those risks will affect operations
• Implementing safeguards and procedures to mitigate the risks
• Testing procedures to ensure they work
• Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How to Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

• Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
• Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
• Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
• Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be identified and corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

• The impacts—both financial and operational—that stem from the loss of individual business functions and process
• Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ," Pages 15 - 17. Accessed Sept. 5, 2021.

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

What Is Contingency Planning?

Based on your business continuity threat and risk assessment, what are the most concerning natural, technological, or manmade potential threats to your business?

For businesses located along the San Andreas fault line in California, it might be a major earthquake ( a 19% chance in the next 30 years ). For companies in Florida, it might be a hurricane ( a 61% chance ). For those in New York City, it could be a terrorist attack (threat levels change daily). And for some businesses across the U.S., particularly for those in rural areas, the greatest concern might be losing internet access for an extended period of time.

That’s where your contingency plans come in. Don’t have any? You should. Let’s take a closer look at what contingency planning is and how it’s different than business continuity.

Business Continuity Planning Vs. Contingency Planning

“Contingency planning” and “business continuity” are often-confused terms. They are similar in meaning—both are intended to enable organizations to continue operations in the event of a crisis—but the details of both concepts differentiate them.

What is business continuity planning?

Business continuity encompasses a range of activities that revolve around one central question: Could you maintain business as usual in the face of a disruption? It includes the writing of business recovery plans —plans that provide direction on the steps to take should a disruption ever occur.

Intended to cover a broad range of disruptive scenarios, recovery plans are tailored to address the impact of an event rather than a specific event itself—for instance, not the loss of your workplace due to a hurricane specifically, but the loss of your workplace due to any unexpected event.

Download this business recovery planning guide to find out the four categories of disruptions you need to plan for.

What is contingency planning.

Contingency planning, on the other hand, addresses survival in the face of specific types of events—those that present the greatest threat to the survival of your business (like hurricanes, earthquakes, terrorist attacks, etc.). The contingency plan acts as a reference guide for business leaders, laying out instructions to follow should these particular events ever occur. Many city governments, for example, have contingency plans for events that have a higher likelihood of occurring—anything from floods to power outages to energy shortages. Contingency plans are written with a greater level of detail than recovery plans (i.e., 10 things employees should do before they evacuate the building due to a hurricane vs. simply a general directive to evacuate the building should the need arise), but both sets of directives go hand-in-hand.

How do you know which contingency plans you need?

Even if you have business continuity plans, it’s smart to create contingency plans as well because of the high level of risk posed by certain scenarios.

To determine the type of contingency plans you need, start by performing a Business Impact Analysis (BIA). The BIA identifies your organization’s most critical business units and processes—information that will help ensure your contingency plans support the right components for survival.

Next, conduct a threat and risk assessment to identify conditions or situations that may cause a business process outage, and then determine the probability of those risks occurring. From the threats listed, pinpoint those that have:

• High probability of occurring and high impact on your critical processes.
• Low probability of occurring and high impact on your critical processes.

These are the scenarios for which you need contingency plans. (Even if an event has a low probability of occurring but would have a catastrophic impact should it take place, it’s wise to create a contingency plan.) They pose the highest-level of risk to your organization, which is why it’s important to be well-prepared.

Prepare For Any Crisis With BCMMetrics™ Business Continuity Software

BCMMetrics™ can help you get the necessary information to start creating effective contingency plans for your business, without hiring outside help. Our BIA On-Demand (BIA OD ) tool gives you all the right questions to ask to accurately identify your company’s most critical processes and their dependencies. And the Residual Risk (R 2 ) tool helps measure and assess risk factors and the threat landscape for your organization. There’s no software to install; it’s all cloud-based and secure, so you can get started right away.

Interested in scheduling a free demo of BCMMetrics™ to see the tools in action? Sign up today to book a time.

• Client Login
• Compliance Confidence
• BIA On-Demand
• BCM Planner
• Residual Risk

• Business Continuity
• Disaster Recovery
• Crisis Management
• Training and Awareness

We're not around right now. But you can send us an email and we'll get back to you, asap.

Start typing and press Enter to search

• Services and Support

• SAP Insights
• Contingency and business continuity planning best practices

Contingency and business continuity planning best practices – Beyond templates and checklists

Contingency planning is a broad term. in theory, any business continuity checklist can be developed around issues as mundane as organizing fire drills (don’t forget to take your laptop with you). but if the covid-19 crisis is any indication as to how quickly normal operations can be upended, today’s hr organizations should be thinking about and creating business continuity plans for a much wider range of scenarios..

Everything should be on the table, from the next pandemic to preventable and unpreventable scenarios alike. Think natural disasters, accidents, intentional acts, IT outages, you name it. In each case, lay out how operations and resources must be shifted, refocused, removed, or added to maintain as much business continuity as possible.

All this begs the question of where to begin.

The short answer is anywhere and everywhere, all at once, so the organization isn’t caught flat-footed, as so many were at the start of 2020. But the long answer is that there are several emergency-preparedness best practices that HR managers should adhere to in part or in sum to ensure business continuity in the face of a crisis. Keeping these best practices in mind will inform the foundation of a business continuity plan template that can be followed, expanded upon, or customized to fit any situation as it develops.

How to create a contingency plan: Critical elements

There’s power in communication and policy alike. So before developing tactical steps to suit any possible scenario, it’s important to think of contingency planning as encapsulating three ideas:

• What workers want, which is essentially the employee experience in an emergency situation;
• Perception, which comprises the rumors circulating about how the company is handling the situation; and
• Business needs, which is how the company is performing in terms of maintaining business continuity and serving customers effectively.

Where these three overlap is the feedback loop – when, where, how, with what frequency, and the authenticity of communication between the company and its employees about the adverse event or situation. 

Critical elements to consider in a contingency plan.

The feedback has to be timely, and whoever delivers the communication has to be honest and transparent.

Greg Selke, VP and HR value advisor, SAP SuccessFactors

“The feedback has to be timely, and whoever delivers the communication has to be honest and transparent,” says Greg Selke, vice president and HR value advisor for SAP SuccessFactors. And as part of any business continuity plan, he explains, the methods of communication need to be planned well in advance. If, in the aftermath of unfortunate events, HR managers are deciding whether to send an email or text message to employees, the action plan is already lagging. But the more important thing to remember about the model above, Selke notes, is that it can work as well for a company of 20 employees as for one of 200,000.

The model must, however, be underpinned by a robust examination and evolution of policy. That requires equal parts intelligence and agility, particularly for a situation like the COVID-19 pandemic, since no one knows what a return to normal even looks like, never mind if and when it will be possible. This should include everything from rethinking what  performance management  looks like to providing resources or even time off for employees to manage stress – or perhaps help with their school-age kids’ homework. It all speaks to a better  employee experience  while still holding workers accountable for results. Still, policy flexibility is essential.

Think of it like this. What if a company asks sales reps to arrange in-person meetings, but some feel it’s unsafe? Or what if the clients don’t want to be visited due to safety concerns? What about employees with disabilities or those at a higher risk of severe coronavirus symptoms? HR managers need to weigh all these types of scenarios and more as they augment emergency preparedness strategies with new policies. The employee experience of any situation is what should drive the business continuity response.

It’s only after the above three elements – what workers want, perception and business needs, and the overlapping feedback – are carefully considered that specific plans should be laid out.

Find the right framework: Common characteristics of continuity plans

There are multiple business continuity plan samples to be found online, all of which help lay out the types of steps and procedures for different types of companies, nonprofits, and public services – even schools. As an HR leader begins determining tactical steps in any of those frameworks to preserve the business amid several unfortunate scenarios, a few key components should stay front and center of plans that address both small- and large-scale situations.

While this is a broad and often overused term, in the context of business continuity it’s perhaps the most important consideration. It’s not just about people being able to work remotely; it’s about the company’s ability to communicate with everyone, wherever they are. Here are a few questions to start with: 

• Are emergency contacts in place for everyone?
• What are the key business-critical roles and who holds them?  
• Are there tools in place that ensure worker safety?  
• Do employees have the ability to view their personal data and manage  benefits , time off, and scheduling to adapt to the crisis at hand?  
• Does the organization have the ability to  gather clear insights  on what employees are thinking and expecting from the company so HR can take quick, appropriate action? 

The more HR leaders can think about agility in these terms and employ the proper tools (many of them interconnected and cloud-enabled), the easier it will be to develop a more comprehensive set of contingency plans.

Succession modeling 

When talking about business-critical roles, HR needs to be able to identify the required skills, potential successors, and alternates who can step in at a time of crisis. As part of contingency planning, HR professionals should be constantly imagining and reconfiguring the organization for certain and uncertain times alike. That means thinking about positions or even entire departments that might need to be moved, reconfigured, or reallocated under various business conditions and scenarios. It’s also important to have insight and analytics that lay out the wider effects any of these emergency-situation reconfigurations will have on the company – to payroll or diversity, for example. After all, realigning resources to fit with new goals will only go so far if it doesn’t deliver the cost savings required in leaner times or if it adversely affects diversity and inclusion – some of the most important considerations in any company’s long-term plans. 

Worker training

Most would file training, upskilling, and reskilling under agility (above), but in the context of business contingency planning, training takes on a different meaning. In terms of keeping operations running during uncertain times, having a  robust training program  in place well in advance of any crisis helps HR managers avoid frantic hiring when and if the corporate strategy needs to shift.  

By defining the types of jobs that will be necessary and the requisite skills for each, then instituting the appropriate learning tools, HR managers can set up, launch, and track the needed training programs. This may constitute  upskilling or reskilling initiatives  – or a combination of the two – in line with business objectives likely to arise in the face of specific emergency situations. Either way, this means setting the concept of skills at the center of the HR talent approach so that they are the foundation of both job descriptions and people’s careers – and are ready for further development before adverse conditions arise.

Realigning and reconnecting 

In times of normal operations, businesses tend to have little trouble setting goals and communicating them to employees. People tend to know the targets they’re working toward. However, when operations are disrupted by a pandemic, natural disaster, or some other short- or long-term situation, the goals tend to go out the window. But it’s not just about scaling back expectations. In order to preserve business continuity, objectives might have to be completely redefined, so it’s critical to  set new targets, communicate them clearly, and keep track  of how workers are performing toward those new objectives.  

It’s also important that everyone and everything is working in harmony, even mid-crisis. HR managers in particular should look for  digital toolkits  that help teams, departments, groups of employees, HR – really anyone – communicate and collaborate without the hassle of adding IT infrastructure. The more employees can share knowledge and information with one another quickly and easily in times of uncertainty, the more resilient the business will be. 

Balancing the business with the employee experience

While continuity planning is about having both the right mindset and set of tools in place so the company can pivot broadly or selectively in response to a crisis, HR managers must always walk the uncomfortable tightrope between employee advocacy and business strategy. At the same time, however, HR can’t and shouldn’t go it alone.

Effective preparedness requires input and buy-in throughout the organization – from the CEO to legal to finance to health and safety. HR should take the lead, but the best-prepared companies bring all the aforementioned functions to the table to plan and act accordingly so no one person – not even the CHRO – is making critical decisions in a vacuum. This approach not only puts the company in a better place for crises on the horizon, it underscores the unique role that HR plays in caring for employees while simultaneously honoring a commitment to ensure business continuity. Making accessible, intuitive technology a part of those plans only strengthens the understanding of HR’s mandate up and down the organization.

It shouldn’t take a once-in-a-generation earthquake or pandemic for everyone in the company to understand that. But if best practices are followed when developing continuity plans, a company’s preparedness will ensure business agility and resiliency in the short and long terms.

Explore SAP SuccessFactors HXM Suite

Access resources to help you manage your business in times of crisis.

More in this series

Sap insights newsletter, ideas you won’t find anywhere else.

Sign up for a dose of business intelligence delivered straight to your inbox.

Further reading

• Trending Categories

• Selected Reading
• UPSC IAS Exams Notes
• Developer's Best Practices
• Questions and Answers
• Effective Resume Writing
• HR Interview Questions
• Computer Glossary

Difference between Business Continuity and Contingency Plan

Any kind of disruption must be avoided at all costs if a business is to continue to thrive. Most events with the potential to disrupt business operations cannot be foreseen. Terrorist activities, cyberattacks, and natural disasters like floods, earthquakes, and fires all fall within this category. These things have a negative effect on organizations financially, as well as in terms of consumer loyalty and market share.

Because no one can predict what will happen or how fast businesses will be able to resume regular operations, it is the duty of businesses to ensure that their operations can continue normally in the event that something goes wrong. This kind of precautionary measure includes things like backup plans and strategies for keeping business operations running smoothly.

What is Business Continuity?

The term "business continuity" is used to describe a company's ability to keep running normally in the presence of disruptive factors. A pandemic, a commercial crisis, a natural disaster, or workplace violence are all examples of such events. Companies should anticipate and make provisions for any occurrences that may have an adverse effect on the company's activities and services, as well as major interruptions that would have an overall impact on business operations.

The following are examples of what may be in a business continuity plan, however, this is by no means a complete list −

The team that will handle crises as they arise

Clients are assured of having easy access to services and to other clients through the arrangements put in place.

Workers are given some help through a series of measures.

Restatement of an organization's essential functions by the application of various technological means

Where to relocate workers and company if essential facilities are unavailable

It's important to plan ahead so that there are enough people on hand in case of an emergency.

A business continuity strategy will safeguard a corporation from a range of possible threats, including the following −

Fires, technological failures, earthquakes, and floods are some examples of the natural and local tragedies that could occur.

Disruptions to networks: This is vital information for firms that must have dependable connectivity to run.

Cybersecurity - Because of the growth in the number of cyberattacks, firms should ensure that all of their data is backed up.

Outages can be caused by irresponsible acts and a lack of awareness on the part of humans; these problems should be avoided wherever feasible.

What is Contingency Plan?

Any event or circumstance that occurs outside the normal course of business is considered a contingency. In light of this, we can say that a contingency plan is a definite and actionable strategy that will be implemented in the event that a certain risk to the company or an adverse event occurs. Risk management is the process of developing backup plans to deal with both anticipated and unforeseen problems. This may be refined to better take advantage of future strategic chances.

Having a backup plan is essential for every business, but especially so for smaller and medium-sized enterprises (SMEs), which are just as vulnerable to disruption from unforeseen events as their larger counterparts. Moreover, they may be modified to meet the needs of individual divisions. To protect, restore, and utilize data in a business, for instance, the information services department may need to draft a backup strategy.

The significance of making plans for unforeseen events -

After an unexpected occurrence has taken place, businesses should be able to quickly restart normal business activities.

Minimizes consumer hassles

In the framework of the recovery, the identification of workforce requirements

The following are components that a solid backup plan needs to have -

Catastrophic events caused by nature, including earthquakes, fires, and storms

Crisis involving accidents and injuries that occurred in the job place

incidents involving personnel, such as strikes and fatalities of workers

Problems with the product, such as relocating the plans

Mismanagement, including loss due to theft and unintentional destruction

The first step in creating a backup plan is to assess the potential impact of unforeseen circumstances on critical business processes and areas. The next thing to do is to map out the steps that will be taken to put the plan into action in the case of an emergency. What has to be done, and what resources will be needed, to get things back up and running smoothly must be identified and recorded. To be successful, a contingency plan must take into consideration the whole range of a company's operations.

Differences: Business Continuity and Contingency Plan

Both include requiring measures that businesses must take to keep running following calamities. The following table highlights how Business Continuity is different from Contingency Plan -

Business continuity refers to an organization's ability to carry on with its normal operations and activities notwithstanding the occurrence of unforeseen events. The concept is based on the premise that business may go on as usual following catastrophic events.

A contingency plan, on the other hand, is a specific and well-described set of actions to be taken in the event that a certain risk to the firm materializes or an undesirable event takes place. It is based on the concept of being ready for any and all interruptions, and on the actions that are to be taken should they occur.

• Related Articles
• Difference between Business Continuity Plan and Disaster Recovery Plan
• Difference between Business Continuity and Business Resilience
• Difference between Business Continuity and Disaster Recovery
• Difference between Strategy and Strategic Plan
• Difference Between WBS and Project Plan
• Difference Between Windows and Plan 9
• What is Cybersecurity Business Continuity Planning (BCP)?
• Difference Between Test Plan and Test Strategy
• Difference between Business Process Management and Business Process Reengineering
• Difference between Marketing and Business Development
• Difference Between CNBC and Fox Business
• Ensure Business Resilience with Cloud-Based Disaster Recovery and Continuity Planning Solutions
• Difference between Social Business and Social Entrepreneurship
• Difference between Business Analyst and Data Analyst
• Difference between Business Class and Premium Economy

Kickstart Your Career

Get certified by completing the course

Official website of the Cybersecurity and Infrastructure Security Agency

Here’s how you know

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

• Education & Training
• NICCS Education & Training Catalog
• Mentor Source, Inc.

Contingency Planning: Business Continuity and Disaster Recovery Plans

• Online, Self-Paced

Preparing your Organization in the Event of a Business Disruption

Disasters could cripple your organization, suspending mission-critical processes and disrupting service to your customers. These disasters could be man-made or natural in nature. The Business Continuity Plan (BCP) addresses an organization’s ability to continue functioning when normal operations are disrupted. A Disaster Recovery Plan is used to define the resources, action, tasks, and data required to manage the business recovery process in the event of a disaster. In this webinar you learn to identify vulnerabilities and implement appropriate countermeasures to prevent and mitigate threats to your mission-critical processes. You learn techniques for creating a business continuity plan and the methodology for building an infrastructure that supports its effective implementation.

During this 2 hour training event with Mark, you will learn how to:

• Create, document and test continuity arrangements for an organization
• Perform a risk assessment and Business Impact Assessment (BIA) to identify vulnerabilities
• Select and deploy an alternate site for continuity of mission-critical activities
• Identify appropriate strategies to recover the infrastructure and processes
• Organize and manage recovery teams
• Test and maintain an effective recovery plan in a rapidly changing business and technology environment

Learning Objectives

• Satisfy Annual Role Based Security Training Requirements
• Enhance awareness of IT and/or cyber security issues, threats and solutions.

Framework Connections

• Protect and Defend

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

• Contact Sales
• Download App
• Business strategy |
• What is a contingency plan? 9 steps tha ...

What is a contingency plan? 9 steps that could save your business when crisis strikes

A business contingency plan is a backup strategy for your team or organization. It lays out how you’ll respond if unforeseen events knock your plans off track—like how you’ll pivot if you lose a key client, or what you’ll do if your software service goes down for more than three hours. Get step-by-step instructions to create an effective contingency plan, so if the unexpected happens, your team can spring into action and get things back on track.

No one wants Plan A to fail—but having a strong plan B in place is the best way to be prepared for any situation. With a solid backup plan, you can effectively respond to unforeseen events effectively and get back on track as quickly as possible. 

A contingency plan is a proactive strategy to help you address negative developments and ensure business continuity. In this article, learn how to create a contingency plan for unexpected events and build recovery strategies to ensure your business remains healthy.

What is a business contingency plan? 

A business contingency plan is a strategy for how your organization will respond to important or business-critical events that knock your original plans off track. Executed correctly, a business contingency plan can mitigate risk and help you get back to business as usual—as quickly as possible. 

You might be familiar with contingency plans to respond to natural disasters—businesses and governments typically create contingency plans for disaster recovery after floods, earthquakes, or tornadoes. 

But contingency plans are just as important for business risks. For example, you might create a contingency plan outlining what you will do if your primary competitors merge or how you’ll pivot if you lose a key client. You could even create a contingency plan for smaller occurrences that would have a big impact—like your software service going down for more than three hours.

The differences between a business contingency plan and a project risk management plan

A contingency plan is similar to a project risk management plan or a crisis management plan because it also helps you identify and resolve risks. However, a business contingency plan should cover risks that span multiple projects or even risks that could affect multiple departments. To create a contingency plan, identify and prepare for large, business-level risks.

Contingency plan examples

There are a variety of reasons you’d want to set up a contingency plan. Rather than building one contingency plan, you should build one plan for each type of large-scale risk or disaster that might strike. 

Environmental contingency plan

While severe earthquakes aren’t particularly common, being unprepared when “the big one” strikes could prove to be catastrophic. This is why governments and businesses in regions prone to earthquakes create preparedness initiatives and contingency plans.

A government contingency plan for an earthquake could include things like: 

The names and information of the people designated to handle certain tasks in advance to ensure the emergency response is quick and concise

Ways to educate the public on how to respond when an earthquake hits

A timeline for emergency responders.

Technology contingency plan

If your business is particularly data-heavy, for example, ensuring the safety and security of your information systems is critical. Whether a power surge damages your servers or a hacker attempts to infiltrate your network, you’ll want to have an emergency response in place.

A business’s contingency plan for a data breach could involve: 

Steps to take and key team members to notify in order to get data adequately secured once more

The names and information of stakeholders to contact to discuss the impact of the data breach and the plan to protect their investment

A timeline to document what is being done to address the breach and what will need to be done to prevent data breaches in the future

9 steps to create a contingency plan

You can create a contingency plan at various levels of your organization. For example, if you're a team lead, you could create a contingency plan for your team or department. Alternatively, company executives should create business contingency plans for situations that could impact the entire organization. 

As you create your contingency plan, make sure you evaluate the likelihood and severity of each risk. Then, once you’ve created your plan—or plans—get it approved by your manager or department head. That way if a negative event does occur, your team can leap to action and quickly resolve the risk without having to wait for approvals.

1. Make a list of risks

Before you can resolve risks, you first need to identify them. Start by making a list of any and all risks that might impact your company. Remember: there are different levels of contingency planning—you could be planning at the business, department, or program level. Make sure your contingency plans are aligned with the scope and magnitude of the risks you’re responsible for addressing. 

A contingency plan is a large-scale effort, so hold a brainstorming session with relevant stakeholders to identify and discuss potential risks. If you aren’t sure who should be included in your brainstorming session, create a stakeholder analysis map to identify who should be involved.

2. Weigh risks based on severity and likelihood

You don’t need to create a contingency plan for every risk you laid out. Once you outline risks and potential threats, work with your stakeholders to identify the potential impact of each risk. 

Evaluate each risk based on two metrics: the severity of the impact if the risk were to happen, and the likelihood of the risk occurring. During the risk assessment phase, assign each risk a severity and likelihood—we recommend using high, medium, and low. 

3. Identify important risks

Once you’ve assigned a severity and likelihood to each risk, it’s up to you and your stakeholders to decide which risks are most important to address. For example, you should definitely create a contingency plan for a risk that’s high likelihood and high severity, whereas you probably don’t need to create a contingency plan for a risk that’s low likelihood and low severity. 

You and your stakeholders should decide where to draw the line.

4. Conduct a business impact analysis

A business impact analysis (BIA) is a deep dive into your operations to identify exactly which systems keep your operations ticking. A BIA will help you predict what impact a specific risk could have on your business and, in turn, the response you and your team should take if that risk were to occur. 

Understanding the severity and likelihood of each risk will help you determine how exactly you will need to proceed to minimize the impact of the threat to your business. 

For example, what are you going to do about risks that are low severity but high likelihood? What about risks that are high severity, but relatively low likelihood? 

Determining exactly what makes your business tick will help you create a contingency plan for every risk, no matter the likelihood or severity. 

5. Create contingency plans for the biggest risks

Create a contingency plan for each risk you’ve identified as important. As part of that contingency plan, describe the risk, and brainstorm what your team will do if the risk comes to pass. Each plan should include all of the steps you need to take to return to business as usual.

Your contingency plan should include information about:

The triggers that will set this plan into motion

The immediate response

Who should be involved and informed

Key responsibilities, including a RACI chart if necessary

The timeline of your response (i.e. immediate things to do vs. longer-term things to do)

For example, let’s say you’ve identified a potential staff shortage as a likely and severe risk. This would significantly impact normal operations, so you want to create a contingency plan to prepare for it. Each person on your team has a very particular skill set, and it would be difficult to manage team responsibilities if more than one person left at the same time. Your contingency plan might include who can cover certain projects or processes while you hire a backfill, or how to improve team documentation to prevent siloed skillsets. 

6. Get approval for contingency plans

Make sure relevant company leaders know about the plan and agree with your course of action. This is especially relevant if you’re creating team- or department-level plans. By creating a contingency plan, you’re empowering your team to respond quickly to a risk, but you want to make sure that course of action is the right one. Plus, pre-approval will allow you to set the plan in motion with confidence—knowing you’re on the right track—and without having to ask for approvals beforehand.

7. Share your contingency plans

Once you’ve created your contingency plans, share them with the right people. Make sure everyone knows what you’ll do, so if and when the time does come, you can act as quickly and seamlessly as possible. Keep your contingency plans in a central source of truth so everyone can easily access them if necessary.

Creating a project in a work management platform is a great way of distributing the plan and ensuring everyone has a step-by-step guide for how to enact it.

8. Monitor contingency plans

Review your contingency plan frequently to make sure it’s still accurate. Take into account new risks or new opportunities, like new hires or a changing business landscape. If a new executive leader joins the team, make sure to surface the contingency plan for their review as well. 

9. Create new contingency plans (if necessary)

It’s great if you’ve created contingency plans for all the risks you found, but make sure you’re constantly monitoring for new risks. If you discover a new risk, and it has a high enough severity or likelihood, create a new contingency plan for that risk. Likewise, you may look back on your plans and realize that some of the scenarios you once worried about aren’t likely to happen or, if they do, they won’t impact your team as much.

Common contingency planning pitfalls—and how to avoid them

A contingency plan is a powerful tool to help you get back to normal business functions quickly. To ensure your contingency planning process is as smooth as possible, watch out for common pitfalls, like: 

Lack of buy-in

It takes a lot of work to create a contingency plan, so before you get started, ensure you have support from executive stakeholders. As you create your plan, continuously check in with your sponsors to ensure you’ve addressed key risks and that your action plan is solid. By doing so, you can ensure your stakeholders see your contingency plan as something they can get behind.

Bias against “Plan B” thinking

Some company cultures don’t like to think of Plan B—they like to throw everything they have at Plan A and hope it works. But thinking this way can actually expose your team to more risks than if you proactively create a Plan B.

Think of it like checking the weather before going sailing so you don’t accidentally get caught in a storm. Nine times out of ten, a clear sunny day won’t suddenly turn stormy, but it’s always better to be prepared. Creating a contingency plan can help you ensure that, if a negative event does occur, your company will be ready to face it and bounce back as quickly as possible. 

One-and-done contingency plans

It takes a lot of work to put a contingency plan together. Sometimes when you’ve finished, it can be tempting to consider it a job well done and forget about it. But make sure you schedule regular reminders (maybe once or twice a year) to review and update your contingency plan if necessary. If new risks pop up, or if your business operations change, updating your contingency plan can ensure you have the best response to negative events. 

You’ve created a contingency plan—now what?

A contingency plan can be a lot of work to create, but if you ever need to use it, you’ll be glad you made one. In addition to creating a strong contingency plan, make sure you keep your plan up-to-date.

Being proactive can help you mitigate risks before they happen—so make sure to communicate your contingency plan to the team members who will be responsible for carrying them out if a risk does happen. Don’t leave your contingency plan in a document to collect dust—after creating it, you should use it if need be!

Once you’ve created the plan, make sure you store it in a central location that everyone can access, like a work management platform . If it does come time to use one of your contingency plans, storing them in a centrally accessible location can help your team quickly turn plans into action.

Related resources

Marketing leaders talk AI: How to optimize your tech stack

4 types of concept maps (with free templates)

Marketers are AI skeptics. Here’s how to fix that.

Human-centric AI at work: A playbook for powering your organization with AI

• Sales: (855) 204-8823
• Client Support
• (888) 969-3636

Cybersecurity

• Co-Managed IT
• Data Analytics
• Cloud Computing
• Business Internet
• All Services
• Architecture and Design
• Biotechnology
• Construction
• Finance and Insurance
• Law Offices and Law Firms
• Logistics and Distribution
• Manufacturing

View All Posts

By: Jessa Mikka Convocar on July 28th, 2022

Print/Save as PDF

Disaster Recovery vs. Business Continuity vs. Incident Response Plans

Cybersecurity | Data Backup

When starting a business, one of the main considerations is developing a plan that accounts for the possibility of a security breach occurring within the organization. Since breaches are not uncommon in the cyberworld's complex operations, you will need a contingency plan during worst-case scenarios.  

Unfortunately, many businesses don’t have comprehensive IT plans set up or don’t really know how each plan works for them. While others often get overwhelmed with all the acronyms and technological terms and end up with no plan at all.   

This security gap is an imminent danger to one’s business.   

ITS has been helping hundreds of businesses bolster their cybersecurity for nearly twenty years. One effective way to strengthen the network defenses is by helping them develop a strategic IT plan, or in this case, plans.  

You usually hear the terms Business Continuity Plan and Disaster Recovery Plan; most of the time, they go together. But there is a distinction between the two, as well as an Incident Response Plan.

Here, you’ll learn the differences and importance of each plan and understand why you need all three.   

What is a Disaster Recovery Plan?  

A Disaster Recovery (DR) plan is a set of policies and procedures created by an organization that enables the recovery or continuation of vital IT infrastructure and systems following a natural or human-induced disaster , such as:  

• Data loss and failed backups    
• Network interruptions  
• Hardware failure  
• Utility outages  
• On-site threats and physical dangers  

We reached out to Jeff Farr, Intelligent Technical Solutions Security Consultant, to give a brief distinction of the three plans. Farr has extensive experience running MSPs with his 30 years in the IT industry.  

“Disaster Recovery is when you need to recover your technology... It has to do with the IT portion during the aftermath of a disaster.” he says.

For example, fire comes in and burns down a huge part of an office building, taking out the server room where all data is stored. The DR plan is to immediately start setting up servers in the Cloud before everything gets out of hand.   

However, just getting the servers back up does not mean the business will continue–that is why a DR should go hand in hand with a Business Continuity Plan.  

What is a Business Continuity Plan?  

The Business Continuity (BC) plan is a system for dealing with both internal and external threats. So, given that your IT team had already resolved the technical issues, the problem now is where would the employees work?   

“It may be that the employees don’t have desks, or all the office computers are burned to the floor. The problem may also be how they would get into the building because the fire department wouldn’t let them in.” Farr explains.  

A BC plan is a vital component in resolving the effects of a company disaster and addressing loss. It lays down the operational procedures of how the business can keep running amid certain limitations. The plan strategy can be summarized as follows:  

• Defining and documenting the type of incident that occurred  
• Responsibilities of the team during the incident  
• Communication  
• Assessment of the team  
• Regular updating of the plan  

What is an Incident Response Plan?   

“Incident Response or IR is a cybersecurity term that denotes a security incident within the organization. It means something has happened. Maybe an unauthorized individual got into the network, or a malicious virus or ransomware infiltrated your connection,” Farr says.  

The incident could be a major one, such as all the computers getting hacked, or a localized one where only one computer isn’t working. Case in point, you have an incident, and you need a predefined plan of what you must do.  

When a cyberattack or breach occurs, the Incident Response (IR) plan is a document that must guide the team through the recovery processes. It will be extremely beneficial if a company is equipped with complete information about the response procedures to any cyber incident . Such events may be:  

• Disclosure of confidential information  
• Asset theft or damage  
• Unauthorized use of services and information  
• Malware in the system  
• Unauthorized modifications and access to organizational hardware and software  
• Disruption of the network  
• Failure of critical servers  

To carry out the IR as planned, an incident response team comprised of the team manager, security analysts, legal advisors, and public relations officers must be formed. They will be in charge of carrying out the plan.   

Do you need to have all three plans?   

The quick answer to that is, as Farr says, 100% YES.  

But since it could get confusing for some, Farr gives a simple explanation of how you can separate the three:   

• Business Continuity is the way to get your business back up and running after something, a disaster or accident, happened.   
• Disaster Recovery is the process of IT people trying to get technology back up and running. 
• Incident Response is in the cybersecurity world where an IR team is trying to respond to the cybersecurity of a situation, and the trouble that comes after.   

Farr adds, “I don’t think you can have a Disaster Recovery Plan vs. Business Continuity Plan vs. Incident Response Plan without exaggerating the importance of all three. Always keep in mind that your IR should coincide and work with your DR and BC. They need to be coordinated without stepping on each other.”  

Need help setting up Disaster Recovery, Business Continuity, and Incident Response Plans?   

While the objectives of the three plans differ, the goal is the same: to protect companies when it comes to the safety of their operation s. So having all three of them is essential to be prepared.   

But as a Managed IT Service Provider , ITS understands that building an extensive DR, BC, and IR plan demands great effort and resources. Just thinking about all the things that need to be done, not to mention the maintenance, may be quite overwhelming for your organization.   

That is where the expertise of a Managed IT comes in.   

Related Resources

What is an incident response plan (and why you need it) [video], 10 tips for cybersecurity on a budget [updated in 2023].

Data Backup

9 Steps to Build a Reliable IT Disaster Recovery Plan

• Find a Branch
• Schwab Brokerage 800-435-4000
• Schwab Password Reset 800-780-2755
• Schwab Bank 888-403-9000
• Schwab Intelligent Portfolios® 855-694-5208
• Schwab Trading Services 888-245-6864
• Workplace Retirement Plans 800-724-7526

... More ways to contact Schwab

  Chat

• Schwab International
• Schwab Advisor Services™
• Schwab Intelligent Portfolios®
• Schwab Alliance
• Schwab Charitable™
• Retirement Plan Center
• Equity Awards Center®
• Learning Quest® 529
• Mortgage & HELOC
• Charles Schwab Investment Management (CSIM)
• Portfolio Management Services
• Open an Account

Business continuity

Schwab's business continuity and contingency planning

Securities industry regulations require that brokerage firms inform their clients of their plans to address the possibility of a business disruption that potentially results from power outages, natural disasters, or other events. Charles Schwab & Co., Inc. has a comprehensive business continuity program in place, which is reviewed, updated, and tested on a regular basis. The program provides for continuation of client service within minutes in most cases.

Here are a few examples of what might occur if Schwab were to experience a business disruption of varying magnitude:

• If one of our telephone service centers became unavailable for any reason, calls would be immediately re-routed to our other service centers across the country.
• If we had a power outage in a particular region or business district, telephone and electronic communications would be immediately and seamlessly re-routed to alternate locations for the duration of the outage.
• In the event of a public health crisis that resulted in a high rate of employee absenteeism, Schwab would focus available personnel on critical business functions that directly support client needs. Additionally, we would enact our workforce continuity plan which includes social distancing and other policies to limit exposure.
• Comprehensive plans are maintained to facilitate timely restoration of account services in the unlikely event of a technology disruption. These plans are tested regularly to ensure their viability.

While no contingency plan can eliminate all risk of service interruption or temporarily impeded account access, we continually assess and update our plans to mitigate all reasonable risk.

Disaster recovery plan vs. business continuity plan: Is there a difference?

Disaster recovery and business continuity are two terms often used interchangeably ' but doing so risks missing some of the key differences between the two strategies. To debunk the disaster recovery plan vs. business continuity plan debate, we look at:

• What each means
• Where the two are similar
• How they differ
• Why they are often confused
• Whether your organization needs both

What is Business Continuity?

Definitions of a business continuity plan vary, as you'd expect; as with any corporate strategy term, there are different interpretations. But while definitions may diverge slightly, the general understanding is that a business continuity plan (BCP) is designed to ensure that your business can maintain its operations in the event of a disaster, whatever form that might take. On the other hand, a disaster recovery plan focuses on how your organization will recover and rebuild following any crisis. IT firm Phoenix NAP believes that 'Disaster Recovery (DR) versus Business Continuity (BC) are two entirely different strategies, each of which plays a significant aspect in safeguarding business operations.' Best practice business continuity plans follow a set pattern with some standard features. A comprehensive BCP will:

• Identify the potential risks your business faces
• Allocate responsibility, putting in place the teams you need to continue operations
• Be built on best practice subsidiary and entity data
• Make back-up arrangements for power, systems and communications
• Prepare for recovery, identifying your disaster recovery team and the steps you will take to build back

This last point is where the potential 'grey area' between business continuity and disaster recovery starts to become apparent. Disaster recovery is a subset of business continuity planning and a vital element of a BCP. As well as planning for an immediate crisis-driven response, a business continuity plan should consider 'what happens next.' It's not just about how you deal with the immediate aftermath of a crisis, whether that's a cyber-attack, fire, flood, terrorist attack or any other human-made or natural disaster. It's about what you do next to restore operations on a more permanent footing. This is where the disaster recovery element of your planning comes in.

What is Disaster Recovery?

The disaster recovery plan and business continuity are very closely interlinked. Disaster recovery is the process of ' as you might imagine ' recovering after any business interruption or crisis. As InvenioIT puts it, 'A disaster recovery plan ...aims to answer the question: 'How do we recover from a disaster?'' What does a disaster recovery plan entail? It is typically a formal document, with details of steps needed to ensure you can recover rapidly from any disruption. IBM believes that a DR plan is more focused than a business continuity plan; as we said above, a subset of the BCP that focuses on how you recover your IT and systems to ensure operations return to normal as soon as possible. These formalized plans came into being in the 1970s. Businesses switched from being paper-based operations to ones dependent on systems and computer-based operations, technologies that require rapid response and clear action plans for contingency and recovery. Minimizing downtime by having recovery plans for your IT infrastructure and other operations means businesses can reduce the length and impact of any unexpected disruption.

Disaster Recovery Plan vs. Business Continuity Plan: How Do BCP and DR Plans Differ?

What is the difference between a disaster recovery plan and a business continuity plan? Given that you need to consider both business continuity and disaster recovery, it's worth exploring the two differences. Partly, as we mentioned above, the difference is about scope. The BCP is broad, while a DR plan will be more focused, looking specifically at how to get systems up and running in the aftermath of a disaster. An IT disaster can take many forms, from a localized hardware failure to a company-wide data breach ' and can have huge ramifications, with some 93% of businesses suffering an IT disaster going on to file for bankruptcy within a year . Another difference is in timing; the BCP should kick in as soon as a disruption is identified. Potentially, this means moving to back-up servers, power generators, remote working. On the other hand, the recovery plan tends to follow once the initial emergency response is in place, looking further ahead to determine how the business will rebuild and return to more normal operations. In either case, a written plan is vital, including a detailed business impact analysis that should be updated regularly. We've written before about the importance of keeping your business continuity plan up-to-date ' a lack of accurate data on your systems can significantly impact your ability to maintain operations and recover longer-term. Central to this is the need to maintain accurate information on all your entities and subsidiaries . Doing so enables you to methodically record the systems and technologies that will be impacted by an outage across the entirety of your organization. Once you're confident that you have captured all the applications and hardware you need to consider, your disaster recovery plan should include:

• Detailed plans for restoring each of these critical applications and pieces of infrastructure
• The timeframe for doing so
• The people who need to be involved ' along with emergency contact details to ensure they can be contacted in the event of any communications interruption

The ramifications of a disaster can be significant for an organization, including lost income, reputational damage, regulatory breaches and associated penalties, financial or otherwise, and missed opportunities for business growth while recovery is prioritized. The 'disaster recovery plan vs. business continuity plan' debate, then, is slightly spurious ' because you clearly need both. Having defined plans, both to respond in the immediate aftermath of a crisis, and to recover following the initial crisis period, is essential. To help organizations with their planning, both for business continuity and disaster recovery, Diligent has long-standing expertise and a suite of solutions. The software supports businesses that manage entities, compliance and organizational documents, enabling companies to minimize and mitigate the risks posed by any disruption. You can find out more by getting in touch to request a demo.

Solutions Solutions

• Board Management
• Enterprise Risk Management
• Audit Management
• Market Intelligence

Resources Resources

• Research & Reports

Company Company

Your data matters.

• IT Security
• IT Consultancy
• Disaster Recovery
• Installs & Upgrades
• Cloud Solutions
• Web Design & Hosting
• Finance Leasing & Hire Purchase
• ICT Consultancy Services
• ICT Support
• Primary and Secondary School ICT
• ICT for Academy Trusts
• Independent School ICT
• Spreading the cost of your ICT equipment
• Our Clients

Business Continuity Vs Disaster Recovery

There’s lots of talk about business continuity vs disaster recovery plans, but what does it all mean?

If this year has tested your business to its limits, now that you have a little more breathing space, if you haven’t already got one, you may want to introduce a business continuity plan. But where do you even start when there’s are plenty of different plans or strategies that all sound rather similar?  Most importantly, what do we mean when we talk about business continuity plan Vs disaster recovery plan?

It can be difficult to understand the difference between business continuity and disaster recovery.

In this blog, we explain the differences, which will help you decide what you might already have in place and where you need to focus your attention.

What do we mean by Business Continuity Disaster Recovery?

If you want to understand business continuity Vs disaster recovery in more detail, you need to first understand what business continuity means. In simple terms, a business continuity plan ensures that in the event of a disaster happening or your workplace becomes inaccessible, your business can continue to operate with as little interruption as possible.

A disaster could be a natural disaster, or it could be related to theft, or even terrorism. However, it could also be (and is more likely to be) a cyber attack, human error, adverse publicity, or deliberate damage caused by a disgruntled employee – sadly, this does happen!

As we’ve seen for the best part of this year, a business continuity disaster recovery plan may involve being able to quickly mobilise employees to work from home.

What Must a Business Continuity Plan Include?

In IT disaster recovery terms, a business continuity plan must consider all possible eventualities that pose a risk to your business. Nobody saw the pandemic happening, but those who already had a business continuity plan that considered a national emergency and the need to pivot to working from home, found 2020 a lot easier.

Large global incidents aside though, you need to ask yourself a series of questions – something we always do when we put together a disaster recovery business continuity plan for our clients. The list of scenarios could be anything from a flood, through to your reliance on third-party suppliers and cyber attacks.

It’s important to create a business continuity plan that is bespoke to your business.

Here are some of the things your business continuity and disaster recovery strategy should plan for:

• Temporary relocation of premises
• Data backups
• Remote working from home or another location
• Reallocation of roles to staff
• Using contractors and suppliers as a fallback
• Ability to protect and restore personal data in line with GDPR

What is the difference between business continuity and disaster recovery?

Having an IT Disaster Recovery Plan should be business-critical, yet only 30% of companies have one.

IT Disaster recovery is the term used to describe the returning of business operations to normal after a disaster. If daily business operations have been interrupted, your disaster recovery plan will transition your continuity measures back to normal processes.

There’s a very real threat facing business today though; assumptions are being made that a backup strategy is the same as a Disaster Recovery Plan. Sadly, it’s a contributing factor to 7 out of 10 small businesses folding within a year of a major data breach.

Do you know exactly how long it would take your existing backup solution to restore all your data? Considering over 33% of lost data is financial or customer information. How long could your business survive? These are answers you would confidently know if you had a Disaster Recovery Plan (DRP).

When thinking about business continuity vs disaster recovery, it’s much easier to consider the risks if you think of backup as a copy of your data and the Disaster Recovery Plan (or strategy) as the insurance that enables its recovery.

Things you should consider when creating a Disaster Recovery Strategy:

• Who needs to be involved in the IT disaster recovery planning?
• How will you recover from data loss or infrastructure failure?
• Who will be responsible for various recovery tasks?
• How frequently should we stress-test our DRP?
• What are the benefits of outsourcing the process to a company like Agile?

As we discussed in our previous blog on cybersecurity, you’ll also want to be certain that your data is being backed up. Your data might be located on a server but exactly where is it and how is it protected?

You might also have heard of the term DRaaS. This stands for Disaster Recovery as a Service. Essentially, it’s a category of Cloud computing that protects applications and data from a disaster or service disruption at one location by enabling a full recovery in the cloud. This means that your business can operate virtually, in a secure cloud location, whilst your primary systems are being restored.

At Agile, we have our own DRaaS replication service . This involves replicating either your physical or virtual servers into our local data centre in Colchester, Essex. It’s a fraction of the cost of traditional IT disaster recovery solutions and DR systems.

What is Disaster Recovery Contingency Planning?

This is a really important point when exploring business Continuity Vs Disaster Recovery. A disaster reovery contingency plan prepares a business for any potential events that could significantly impact day-to-day operations. This could be anything from the loss of a critical member of staff through to physical and environmental disasters.

Within your disaster recovery contingency plan, you’ll need to consider which aspects of your operations are business-critical. This could be a ransomware attack, a core supplier or contractor entering insolvency, or dare we even say it, another SARS virus!

Plan for a broad range of possibilities and what will action your contingency measures.

So, What’s the Difference between Business Continuity and Disaster Recovery? 

Whilst they are related, it’s easiest to think of them in the following way:

• A contingency plan is advanced planning to prepare your business for future events
• A business continuity plan is a temporary solution to keep you up and running in the event of an incident
• A disaster recovery strategy returns operations back to normal after a disaster has happened

In reality, a business needs a plan that encompasses all three. Here at Agile Technical Solutions, we can help you plan ahead.

Our business continuity and disaster recovery plans have seen our clients quickly pivot to home working this year. Moreover, in an environment where cyber attacks are on the increase, we put in place all the necessary protection and stress-test your systems with regular DR simulations.

Please don’t hesitate to get in touch and find out how we can help you. Our initial consultation is always a complimentary one where we get to know you are your business.

Business Continuity and Disaster Recovery Describe major components...

Business Continuity and Disaster Recovery

Describe major components of contingency planning.

• Choosing one of the contingency planning from https://nvd.nist.gov/800-53
• Select one of the Contingency Planning (CP) controls AND one of its related controls actually quantified as "Related to" in the control description. ( have chosen CP-4 CONTINGENCY PLAN TESTING)

Please help answer the following questions.

• Identify and summarize both controls.
• Provide a real-world example of both controls in use.
• Is your example an effective implementation of the security measure? Is there anything you would do differently?
• Do the controls more closely align to business impact analysis (BIA), incident response plan (IRP), disaster recovery plan (DRP), or business continuity plan (BCP) and why?

The contingency planning im working with is, ( CP-4 CONTINGENCY PLAN TESTING) and the related to ( I am not sure ) any help with this will be greatly appreciated. Thank you

Answer & Explanation

Question 1: Identify and summarize each controls

CP-four Contingency Plan Testing

This control calls for organizations to test their contingency plans on a everyday foundation to make sure that they're powerful and equipped to be finished in the occasion of a disruption. Testing need to consist of lots of techniques, such as walk-throughs, tabletop sporting activities, simulations, and complete sporting activities.

Related Control: CP-4(1) Coordinate with Related Plans

This control calls for organizations to coordinate contingency plan testing with other organizational elements which might be answerable for associated plans, which include business continuity plans, catastrophe recovery plans, and incident reaction plans.

Question 2: Provide a real-international instance of both controls in use

Real-World Example:

A financial services organisation has developed a contingency plan for its crucial records structures. The plan includes quite a few methods for responding to exceptional kinds of disruptions, which include herbal screw ups, strength outages, and cyberattacks.

To take a look at the contingency plan, the agency conducts a tabletop workout each 12 months. The workout simulates a prime cyberattack at the corporation's structures. Participants within the workout consist of key personnel from the agency's IT department, commercial enterprise units, and threat management crew.

The tabletop workout allows the organisation to pick out any gaps within the contingency plan and to make important enhancements. The agency also coordinates the contingency plan trying out with its disaster healing company to ensure that the 2 plans are like minded.

Question three: Is your example an powerful implementation of the security degree? Is there whatever you'll do in another way?

The instance furnished is an powerful implementation of CP-four and CP-four(1). The organization is trying out its contingency plan on a everyday basis, and it's miles coordinating the testing with different organizational elements which can be responsible for related plans.

One aspect that the employer may want to do to further enhance its implementation of these controls is to increase a contingency plan checking out agenda. This agenda could ensure that the contingency plan is tested at the least once a year, and that all of the key components of the plan are tested on a normal foundation.

Question four: Do the controls extra intently align to business impact analysis (BIA), incident response plan (IRP), disaster recovery plan (DRP), or business continuity plan (BCP) and why?

The controls CP-4 and CP-four(1) maximum carefully align to enterprise continuity planning (BCP). BCP is the manner of making and imposing plans to ensure that an enterprise can keep to perform throughout and after a disruption. Contingency plan testing is an vital part of BCP, because it enables companies to pick out and address any gaps in their plans.

However, CP-4 and CP-four(1) also relate to the other styles of plans listed:

• Business impact evaluation (BIA): A BIA is a method to discover and assess the capability effect of a disruption on an enterprise's operations. The consequences of a BIA may be used to tell the development and testing of contingency plans.
• Incident reaction plan (IRP): An IRP is a plan for responding to and improving from safety incidents. Contingency plans should be coordinated with IRPs to make sure that the two plans paintings together correctly.
• Disaster recovery plan (DRP): A DRP is a plan for restoring vital records structures and business functions after a disaster. Contingency plans need to be coordinated with DRPs to make certain that the two plans work collectively efficaciously.

Overall, CP-4 and CP-4(1) are essential controls for all corporations that have essential statistics structures. By checking out their contingency plans on a normal basis and coordinating the checking out with other associated plans, organizations can improve their capacity to reply to and recover from disruptions.

CP-four and CP-four(1) are important controls for all organizations that have essential information structures. By checking out their contingency plans on a normal foundation and coordinating the testing with other related plans, corporations can improve their potential to respond to and recover from disruptions.  

CP-4 and CP-four(1) are controls related to contingency planning. Contingency planning is the system of making and imposing plans to ensure that an organization can preserve to function in the course of and after a disruption.

CP-4 calls for companies to test their contingency plans on a normal basis to make certain that they're powerful and prepared to be done in the event of a disruption. Testing should include plenty of methods, together with walk-throughs, tabletop sporting activities, simulations, and comprehensive exercises.

CP-four(1) Coordinate with Related Plans

CP-four(1) calls for organizations to coordinate contingency plan trying out with different organizational elements that are answerable for associated plans, including commercial enterprise continuity plans, catastrophe healing plans, and incident reaction plans.

Real-World Example

A monetary services business enterprise has developed a contingency plan for its crucial facts systems. The plan consists of lots of processes for responding to distinct types of disruptions, along with natural screw ups, energy outages, and cyberattacks.

To test the contingency plan, the agency conducts a tabletop exercising every year. The workout simulates a first-rate cyberattack on the business enterprise's structures. Participants inside the exercise include key personnel from the organization's IT branch, commercial enterprise units, and chance control crew.

The tabletop exercising enables the business enterprise to discover any gaps inside the contingency plan and to make important enhancements. The organization additionally coordinates the contingency plan checking out with its disaster restoration company to ensure that the two plans are well matched.

Effectiveness of the Example

The instance furnished is an powerful implementation of CP-4 and CP-4(1). The enterprise is trying out its contingency plan on a ordinary basis, and it is coordinating the trying out with other organizational factors which are accountable for related plans.

Alignment with BIA, IRP, DRP, and BCP

The controls CP-four and CP-4(1) most intently align to enterprise continuity making plans (BCP). BCP is the technique of creating and enforcing plans to ensure that an enterprise can preserve to perform during and after a disruption. Contingency plan trying out is an crucial a part of BCP, as it enables businesses to pick out and address any gaps in their plans.

However, CP-four and CP-four(1) also relate to the opposite types of plans indexed:

• Business impact analysis (BIA): A BIA is a system to perceive and examine the capability impact of a disruption on an business enterprise's operations. The effects of a BIA may be used to inform the improvement and checking out of contingency plans.
• Incident response plan (IRP): An IRP is a plan for responding to and recuperating from protection incidents. Contingency plans have to be coordinated with IRPs to make sure that the 2 plans work together efficiently.
• Disaster healing plan (DRP): A DRP is a plan for restoring critical statistics systems and enterprise capabilities after a catastrophe. Contingency plans need to be coordinated with DRPs to ensure that the 2 plans paintings collectively successfully.

CP-4 and CP-four(1) are critical controls for all corporations that have vital statistics systems. By checking out their contingency plans on a everyday basis and coordinating the checking out with different related plans, corporations can improve their ability to reply to and get over disruptions.  

Related Q&A

• Q According to Stolen Focus, Chap. 8, what is Nir Eyal's method for breaking bad habits? O Ensure a two-minute break betwe... Answered 9d ago
• Q Choose a work to discuss from one genre that interprets a work from another genre. Include the title, artist, and descri... Answered 71d ago
• Q  . Department 1 completed work on 500 units and transferred them to Department 2. The cost of the units was $750. What i... Answered over 90d ago
• Q Gasoline at a gas station in Canada costs 1.23 (CAD) per liter. If the exchange rate between US and Canadian dollars is... Answered 70d ago
• Q A randomized controlled study for therapy   to prevent surgical wound infections: Group A is experimental. Group B is st... Answered 50d ago
• Q  . 26.0 18.4 12.70 5.80 Question 5 (2 points} The resultant R of two vectors A and B (i.e., R = A + B) has a magnitude o... Answered 51d ago
• Q  . For a one-tailed hypothesis test the critical value is 2.457. What is your statistical decision if tSTAT = + 2.214? W... Answered over 90d ago
• Q Please please help me if you can't complete it in 30 minutes don't do it please hurry!!  . 2. Consider the function f (x... Answered over 90d ago
• Q Using the current ratio and debt ratios, discuss what conclusions you can make about each company's ability to pay curre... Answered over 90d ago
• Q chose  the correct answer  I don't need the steps just the letter for the correct answer   . $ 4290.53 SLEO 12. Larry's ... Answered over 90d ago
• Q How long would it take to collect a 2D COSY experiment if you want to collect 16 scans per t1, increment with a preparat... Answered 18d ago
• Q  . To consider a family's "wellness", many components must be identified. Complete the following chart - using... Answered over 90d ago
• Q  . 4. Evaluate each of the sentences below in the world provided. (L.e. just say whether each sentence is T or F in that... Answered over 90d ago
• Q  . The following list of balances was extracted from the books of Natural Food Fair, PLC on 2016 December 31. Revenue 2 ... Answered over 90d ago
• Q You orchestrate a discussion with your 4th grade students regarding the following problem: Jack cuts a granola bar into ... Answered 18d ago
• Q Plot the point whose polar coordinates are given. Then find two other pairs of polar coordinates of this point, one with... Answered 26d ago
• googletag.cmd.push(function () { googletag.display('footerCliffsnotesAd'); }); CliffsNotes study guides are written by real teachers and professors, so no matter what you're studying, CliffsNotes can ease your homework headaches and help you score high on exams. About CliffsNotes