The URL can be used to link to this page

Contingency vs Succession Plan 2022-12Contingency vs. Succession Plans City of Northampton, Office of Planning and Sustainability Community Development Block Grant Program Date: December 8th, 2022 Summary of Succession and Contingency Plans This document provides a very brief overview of succession and contingency plans. Having these plans is often a requirement or recommendation for organizations receiving government funding. Many organizations already have plans that would fall under these plans even though they use other terms to describe them such as Disaster Recovery Plan or Continuity of Operations Plan. Succession Plans describe how to effectively prepare for replacing key personnel due to departure and other causes. A contingency plan is for handling other types of events such as natural disasters and computer system issues that may disrupt daily operations. It focuses on continuous operation and recovery. A contingency plan consists of multiple components such as information system disaster recovery, snowstorm response, and provisions for work-from-home if the facility is unavailable. What is a Succession Plan? Succession planning is a process for identifying and developing new leadership who can replace management or other vacant positions resulting from individuals leaving the agency. There is an intersection between the Succession Plan and Continuity of Operations Plan (COOP); however, there are also important differences. A succession plan outlines a strategy that identifies roles and people with the right skills and expertise to assume positions considered key to the agency’s ongoing operations. Typically, these positions need to be filled quickly upon vacancy. Succession plans act as a guide for navigating leadership changes; reducing chaos and concerns from staff, partners, clients, and funders when leadership positions become vacant; and creating a catalyst for staff development opportunities A useful online resources for creating a succession plan is found here. What is a Contingency Plan? A Contingency Plan is a set of management policy and procedures designed to restore and maintain business operations, including computer operations, possibly at an alternate location, in the event of an emergency, system, failure, or disaster. Contingency planning refers to interim measures to recover information systems after a disruption. Interim measures may include relocation of information systems and operations to an alternate site, recovery of information system functions using alternate equipment, or performance of information system functions using manual methods. The main goal of contingency planning is the restoration to normal modes of operation while mitigating against loss of data with minimum cost and disruption to normal business activities after an unanticipated event. A useful document on how to conduct a contingency plan is found here. Contingency Plan Activities: • Construct contingency response team and assign responsibilities to designated personnel • Provide guidance to help personnel evaluate IT systems and operations to determine contingency plan requirements • Ensure coordination with other teams who participate in the CP process • Perform Risk Assessment/Preventative Controls considerations to eliminate or mitigate unacceptable risks identified in the risk assessment Seven Steps to Contingency Planning From the web document, https://www.techtarget.com/whatis/definition/contingency-plan 1. Contingency planning policy statement. This policy provides the outline and authorization to develop a contingency plan. 2. Business impact analysis. BIA identifies and prioritizes the systems that are important to an organization's business functions. 3. Preventive controls. Proactive measures that prevent system outages and disruptions can ensure system availability and reduce costs related to contingency measures and lifecycle. 4. Contingency strategies. Thorough recovery strategies ensure that a system may be recovered fast and completely after a disruption. 5. Contingency plan. This is the action plan. It contains the guidance and procedures for dealing with a damaged or unavailable system. These detailed plans are tailored to the system's security impact level and recovery requirements. 6. Testing, training and exercises. Plan testing validates recovery capabilities, training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps. Combined, these activities improve plan effectiveness and overall organization preparedness. 7. Plan maintenance. The plan should be updated regularly to remain current with system enhancements and organizational changes. Business Continuity vs. Business Contingency Plans The terms business continuity and business contingency are often used interchangeably. However, they differ in the following ways: A business contingency plan is activated soon after the initial event occurs and the IR team has made its initial assessments and determinations. The contingency plan is used to get specific team members involved in mitigation efforts. These people make short-term decisions regarding how the incident can be managed and resolved. A business continuity plan is for longer terms. If contingency planning activities are insufficient to restore business operations, it may be necessary to declare a disaster and launch a longer-term business continuity plan as well as a technology disaster recovery plan. Business continuity plans are designed to facilitate the recovery and resumption of business activities to as close to normal operations as possible.