3.3 Contingency planning

Description

Contingency planning comprises safeguards which, in case of failure (due to technical reasons, caused intentionally or as a result of negligence) of an IT system, are designed to restore its operating state. Depending on the time of implementation of these measures, contingency planning safeguards can be grouped into four stages:

Stage 1: Contingency planning

In this stage, the measures suitable and economically viable for a particular IT system are identified. It is determined which measures can be taken during operation of an IT system (e.g. smoking ban, uninterruptible power supply, service, data backup) so that an emergency situation is prevented and that damage resulting from an emergency situation is reduced. Furthermore, contingency plans, which are part of a contingency manual, stipulate which measures must be taken in case of an emergency.

Stage 2: Implementing the contingency measures accompanying IT operation

In stage 2, the contingency measures are implemented and maintained. These must be carried out prior to an emergency situation in order to reduce the probability of an emergency or to allow swift and cost-effective restoration of the operating state.

Stage 3: Emergency preparedness exercises

Emergency drills are particularly important in connection with stage 2 in order to train the implementation of the measures listed in the Emergency Manual and to increase efficiency.

Stage 4: Implementing planned measures after an emergency situation arises

After it has been officially decided that an emergency situation is present, the measures set out in the Emergency Manual for this case must be implemented without delay.
In order to be able to make contingency planning cost-effective, the costs incurred must be compared to the potential damage (costs due to a lack of availability in the event of an emergency) and assessed. The following costs should be considered:

• Costs for compiling contingency planning
• Costs for the implementation and maintenance of the safeguards accompanying IT operation
• Costs for emergency drills
• Costs for the restoration of the operating state

This chapter offers a systematic approach as to how an Emergency Manual can be compiled and trained. This covers stage 1 and stages 3 and 4. The Implementation of stage 2 requires an assessment of the individual IT system. These measures are described in the relevant modules of this manual.
The compilation of an Emergency Manual and the safeguards required involve considerable expense. It is thus particularly recommended to use this chapter for

• IT systems requiring a high degree of availability
• large IT systems (mainframe computers, large Unix systems, extensive networks)
• a large number of IT systems concentrated in one area.

Threat Scenario

In this Chapter, the threat

• T 1.2 Failure of the IT system

is considered as representative for all threats which could cause failure as regards IT baseline protection.

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.
The safeguards should be treated in the order stated so as to ensure that the Emergency Manual is compiled systematically.

Contingency Planning:

• S 6.1 (2) Development of a survey of availability requirements
• S 6.2 (2) Definition of "emergency", person-in-charge in an "emergency"
• S 6.3 (2) Development of an Emergency Procedure Manual
• S 6.4 (2) Documentation on the capacity requirements of IT applications
• S 6.5 (2) Definition of "restricted IT operation"
• S 6.6 (2) Study of internally and externally available alternatives
• S 6.7 (2) Responsibilities in an emergency
• S 6.8 (1) Alert plan
• S 6.9 (1) Contingency plans for selected incidents
• S 6.10 (2) Contingency plans for breakdown of data transmission
• S 6.11 (2) Development of a post-incident recovery plan
• S 6.13 (2) Development of a data backup plan
• S 6.14 (3) Replacement procurement plan
• S 6.15 (3) Agreements with suppliers (optional)
• S 6.16 (2) Taking out insurance (optional)
• S 6.12 (1) Emergency preparedness exercises
• S 6.75 Redundant communication links