Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

contingency planning

Information system contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data after a disruption. Contingency planning generally includes one or more of the following approaches to restore disrupted services:

  • Restoring information systems using alternate equipment;
  • Performing some or all of the affected business processes using alternate processing (manual) means (typically acceptable for only short-term disruptions);
  • Recovering information systems operations at an alternate location (typically acceptable for only long–term disruptions or those physically impacting the facility); and
  • Implementing of appropriate contingency planning controls based on the information system’s security impact level. (SP 800-34 Rev. 1)
Created June 08, 2016, Updated September 25, 2017