Contingency Planning


Contingency Planning

Unforeseen threats never knock on the door before their arrival. They just arrive and destroy everything that comes in their path. Contingency planning provides protection against these unforeseen threats. In the case of an organization, contingency planning covers failures of critical systems, equipment, automated processes, energy, communications, suppliers, personnel, and natural calamities. It consists of the actions taken by the organization to prepare the organization for an impending emergency. It is a management tool used to analyze the impact of potential crises so that adequate and appropriate arrangements are made in advance. It is general enough that it confers different ideas to different disaster managers and emergency personnel, depending on their circumstance and area of concern. The cost to implement and activate a contingency plan can be high, but the impact of its absence is prohibitive. Further if a small contingency is not curtailed in time then it can create a snowball effect and rapidly generate a greater crisis.

In the organization, it is essential to have mechanisms that ensure constant operation. When there is an unexpected disruption, an appropriate contingency plan can make a huge difference. The definition of an optimal contingency plan is a complex problem involving diverse resources such as systems, equipment, spare parts, services, and specialized manpower etc. The contingency solution involves alternative processes and recovery strategies so that in the case of a contingency, all the necessary resources are available in order to bring the system back to normal operation using the minimum resources and in the least possible time.

Chinese general Sun Tzu has said, “Plan for what is difficult while it is easy, do what is great while it is small. The difficult things in this world must be done while they are easy; the greatest things in the world must be done while they are still small. For this reason sages never do what is great, and this is why they achieve greatness”.  Contingency planning involves anticipating a specific hazard based on specific events or known risks, and establishing operational procedures for response, based on expected resource requirements and capacity. It is about deciding what to do before it becomes difficult, as in the chaos of an emergency.

Contingency planning can be defined in a number of ways. The National Institute of Standards and Technology (NIST) defines contingency planning as management policies and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergency, system failure, or disaster. It is also been defined by way of a contingency / disaster recovery plan as the strategy and organized course of action which is to be taken if things do not go as planned or if there is a loss of use of the established organizational product or system due to a disaster.

A contingency plan is the process of developing advance arrangements and procedure that help the organization to respond to an unforeseen event which can occur by chance, or unforeseen threats. It is a framework or preventive action used by the organization to overcome with the negative impact of any failure or disruption in operations. It is a plan devised for an outcome other than in the usual (expected) plan. It is often used for risk management when an exceptional risk that, though unlikely, can have catastrophic consequences. Contingency plans are frequently devised by the organization to respond well to emergencies and their potential impacts on the organization, employees and the society.

Careful planning is essential for any potential spill situation as incidents are far easier to resolve when a well prepared and tested contingency plan is available. Contingency plans provide the structure for the management and implementation of response operations. As such, they are to be comprehensive, accessible and readily updateable, and reflect the working culture of the organization within which they are being implemented. Contingency planning is always to be undertaken when there is a high risk or probability due to which a disaster or emergency situation can occur.

Contingency planning is a systematic approach for identifying what can go wrong in a situation. Rather than hoping that everything will turn out fine or that ‘fate will be on the side of the organization’, a planner tries to identify contingency events and to be prepared with plans, strategies and approaches for avoiding, coping or even exploiting them. It is a forward planning process for a state of uncertainty, in which scenarios and objectives are agreed, managerial and technical actions defined, and potential response systems put in place, in order to prevent or better respond to meet an emergency.

Contingency planning aims to prepare the organization to respond well to an emergency and its potential impact. Developing a contingency plan involves making decisions in advance about the management of human and financial resources, coordination and communications procedures, and being aware of a range of technical and logistical responses. Such planning is a management tool, involving all sectors, which can help ensure timely and effective provision of aid when a disaster occurs. Time spent in contingency planning equals time saved when a disaster occurs. Effective contingency planning leads to timely and effective disaster-relief operations.

Contingencies are relevant events anticipated by a planner, including low-probability events that can have major impacts. Contingency planning needs ‘what-if’ skill. The objective of contingency planning is not to identify and develop a plan for every possible contingency. That would be impossible and a terrible waste of time. Rather, the objective is to encourage one to think about major contingencies and possible responses. Few situations actually unfold according to the assumptions of a plan. However, people who have given thought to contingencies and possible responses are more likely to meet major goals and targets successfully.

Contingency planning is the responsibility of all levels of the employees in the organization. Contingency planning is to be an ongoing process. The planning process is frequently as important as the plan itself. Contingencies plans need to be tested and updated regularly to check their relevance. During rapidly changing situations, contingency plans need to be updated more frequently.

The primary difference between contingency planning and emergency operations planning, for example, is the potential nature of the planned-for situation. Unlike emergency operations planning which is done in response to a known emergency situation, contingency planning is done before the event happens in a state of uncertainty. This means that much of the planning for the conditions, scale of the emergency, timing, etc., must be based on predictions and assumptions about the potential crisis, rather than real-time assessment. Due to this critical difference it follows that the value of contingency planning is largely dependent on the ability of planners to adequately predict scenarios that are likely to happen and to be able to correctly draw conclusions about what will be needed if such a scenario occurs.

The uncertainties of contingency planning also affect the planners in much more subtle ways. It is generally more difficult to motivate and organize the employees and others to do contingency planning than it is to begin planning for a currently breaking emergency. The lack of a sense of urgency, particularly when planners are already facing day-to-day planning difficulties for known problems, can slow, or even stop, the contingency planning processes. General optimism that the ‘worst case scenario’ will not happen is another factor that comes between developing a general sense of worry while actually making the contingency planning.

An additional aspect of contingency planning is the notion that potential problems in the resulting response are anticipated and solved. This means that potential problems are attended to once they are identified in the planning process whether or not the potential disaster actually occurs.

Preparation of a contingency plan

The organization prepares a contingency plan, sometimes called a ‘plan B’, to prepare itself for something bad that can affect the organization’s ability to function. Developing an effective contingency plan is essential for the survival of the organization during emergencies. Many things can put the organization at risk, from a technical disaster to a natural one. Preparation of the contingency plan makes the organization to face such possibilities without much damage to its operations.

The mere existence of a plan is not sufficient to ensure preparedness for responding to the contingency. The planning process itself is as important. It serves to raise issues that are likely to arise in a response and raises awareness on roles and responsibilities. Devising and compiling a contingency plan normally follows a logical, multi-step process. The process of the contingency planning is shown in Fig 1.

Process of contingency planning

Fig 1 Process of contingency planning

The key goal of a contingency plan is to make sure that the organization can maintain the operation if a disaster occurs. It is a good idea to have a formal policy spelling out the need for a contingency plan. The plan is to be simple overall. The language and directions in it is to be such that it is understandable to future audiences since one never knows who has to implement it.

Assessing the risks

It is one of the initial steps in the preparation of the contingency plan. During the preparation of the contingency plan it is necessary initially to figure out the specific trigger that is required for the use of the contingency plan. It is to be determined how the success is measured so that the organization can return to normal operations. All the operations which are critical for the organization to continue operations need to be determined.

Further it is to be made sure that the plan answers the following three key questions of contingency plans in order to ensure that nothing is missed.

  • What could happen?
  • What will be done in response?
  • What can be done in advance to prepare?

The risks which are most likely to occur for the organization are to be thought of. Determining potential risks is one of the most important aspects of a contingency plan. This process is not the one-size-fits-all process. It is required to determine the risks which are unique to the organization.

There are many possible risks which the organization can face. They can be natural disasters, such as floods, cyclones and droughts may require a contingency plan. Other possible risks include a crisis, work site accident, personnel problems (like death of a leader or a strike), data loss, mismanagement, and product issues (like a recall). It is necessary to focus on areas including management, communications, financial resources, coordination, logistical and technical responses etc. Technical disasters can include those components of the organization dealing with communication infrastructure which can be potential loss of data or customers.

After the possible risks have been determined then the risks are to be ranked based on the probability of their occurrence. All the risks are not created equal, and normally the contingency plans cannot deal in depth with every single potential risk. It is necessary to determine the risks which are most likely and which are to affect the organization most.

It is necessary to focus in on the most critical risks. Every single risk that might affect operations is to be ranked. The impact of each risk need be determined. A ranking is also to be developed how often the risk might occur. Then, the values of these two ranking scores of likelihood and impact are to be multiplied to get a total score. For the contingency plan the risks with the highest scores are to be considered first. There need to be a cut off for the scores though for the low score items a general process can be developed. Areas which are essential to the organizational survival are usually put at the top.

Identification of the scenarios

Scenarios for the highest ranked risks are to be developed. It is essential to produce realistic scenarios for each risk in order to develop an effective contingency plan. The scenarios are to specifically outline what can happen if each of the top priority risks occurs. Once the scenarios have been developed thoroughly then the ultimate impact of each of the scenarios is to be determined in detail. Then different gradations of the same scenario can be developed such as the best-case, most likely case, and worst-case scenario.

A timeline is to be created for how the scenarios might unfold. It is to be determined who will be in charge of what and when. The contact lists also need to be updated and it is to be determined who is responsible for issue of the notifications. Timeframe outline is to be very specific indicating what is going to happen on the first day or the first week. Timelines scenarios are to deal with physical vulnerabilities, organizational vulnerabilities and institutional vulnerabilities.

A decision is required to be taken about what will be the most essential to get the organization to be operational again. These angles are to be explored in detail by charting out the capacities as well as the vulnerabilities. The capacity which the organization is to have to meet risks or mitigate them is to be decided. An honest assessment of resources is to be carried out. In case of limited resources, decision is to be taken to decide which functions need to change or reduce. An impact analysis is to be performed. It is necessary to identify which areas are essential for the organization to meet its mission and continue operating.

Ways are to be found to reduce the risk. It is usually not enough to develop a contingency plan and then sit back and hope it never comes to fruition.  It is essential for the organization to take steps immediately to reduce the risks. The preventative strategies need to be developed.  The availability of partners in case of disaster is to be determined. The availability of the local resources is to be found out which will be available in case of a disaster. The best contingency plan helps the organization to pinpoint areas they can improve so that they reduce the likelihood of the plan being needed in the first place. The organization may realize that it needs insurance or it should have disaster drills. Perhaps the key personnel need additional training.

Maintenance of the contingency plan

It is necessary that the contingency plan is communicated to all the employees. The organization need to educate the employees about the plan before it is needed. The employees are to be told which role and responsibilities they will have so that there is no confusion if the plan needs to be implemented in an emergency. This will reduce the chances of panic. The employees are to be imparted proper training so that they meet their obligations as outlined in the contingency plan. Drills are held if needed. If necessary, adjustments are made after observing the training.

The contingency plan needs to be tested.  The testing can be made manageable and cost-effective by testing in stages. If an area proves to be flawed or has conflicts with contingency plan from other departments, the same can be edited and the plan is retested.

A management review of the plan is to be conducted. Also an interdepartmental review is to be performed. This is where every department reviews another department’s plans. This is the stage that allocates resources and identifies conflicts.

The failures of the critical systems are to be studied in detail. This testing stage can be localized within departments. Testing involves the simulation of system and/or failures. The departments can role play scenarios without having to actually shut down important equipment or processes. In short, it is important to fully test out the contingency plan. This can involve short-term shutdowns in key areas done in real time.

The contingency plan needs to be stored in a place where it can be easily and quickly accessed. If disaster strikes, the organization will not want the contingency plan to burn down with the fire or be swept away with the flood. Neither there is to be a data breach to make it hard to retrieve the plan when the organization needs it most. It is always better to keep a copy of the contingency plan in a different location from the original and it is to be made sure that more than one employee knows how to access it and has authority to do so.

The contingency plan needs to be revisited on a regular schedule since the things can change with time making the assumptions outdated. Also the risks can be greater than they were before. It is better that more than one employee are involved in the preparation of the contingency plan and its updates.  Sometimes a new employee looking at it with a fresh eye and auditing it makes the contingency plan more comprehensive. Also it is necessary to confirm all assumptions by matching them with recent data.

The contingency plan is to have a trigger for each scenario deemed critical. This trigger includes what conditions must be met for the plan to activate and at what specified time (if possible), to allow all users of the plan to be as synchronized as possible from the offset.

Information directory

This section of the plan is dedicated to the collation of all supporting data that may be required to implement a timely and effective response. Useful information which is required to be contained in this section includes the following.

  • Contact directory of response personnel – out of office contact details is to be included where appropriate.
  • Contact directory of third parties – those likely to have an interest in the incident, e.g. regulatory authorities, police, media, parties likely to be impacted, and other authorities.
  • Primary response equipment whether owned by the organization or available from external sources on call.
  • Auxiliary response equipment such as protective clothing and equipment etc., whether owned by the organization or available from external sources on call.
  • Logistics suppliers – suppliers of catering, and transport etc.
  • Manpower resources
  • Experts and advisors – personnel with detailed knowledge and experience of handling the contingency.
  • Drawings of sensitive areas – showing detailed information on the location of the sensitive equipment.

Other important aspects of the contingency plans are as follows.

  • The contingency plan is not to be assigned a low priority.
  • There may be a necessity of more than one contingency plan in the organization.
  • The work on the contingency plan is to be started by setting up a contingency planning committee and an employee with fairly good knowledge of the different aspects of the organization is to be chosen to lead the committee. The contingency plan leader provides skills, tools and a knowledge base and guides the departments so that they can develop their own plan.
  • The plan after being made is to be gone over again. A second review helps find things that were missed the first time.