Contingency planning
Identify what applications and data are critical for your business and ensure there is a documented and tested plan to keep your organization running in an emergency.
Does your business need a contingency plan?
Unexpected events that impact businesses happen all the time. While your business would benefit from having a contingency plan after a successful ransomware attack, it would more likely be invoked for other reasons including environmental threats like fire or flood. In any case, if maintaining business operations is important to you, a plan to recover from unexpected problems is important because they will happen.
If your organization processes or stores ePHI used for diagnosis, treatment, or billing for health conditions, it is governed by HIPAA. The Security Rule requires that covered entities have a contingency plan that includes a data backup plan which is tested annually.
5 steps to prepare for technology disasters
Conduct a Business Impact Analysis and understand what systems and data are critical to operations to prioritize restoration activities during an outage and minimize losses.
Prepare for problems with an Emergency Operations Plan to continue helping clients and providing critical services for the duration of an outage.
Create a Data Backup Plan to ensure critical applications and data needed to run your business are backed up and verified to allow restoration and recovery when your primary system fails.
Create an overall Contingency Plan documenting communications, contacts, detailed procedures for restoration and recovery, checklists for testing and validating, and failback procedures.
Technology systems are generally in a state of flux with changes like new and updated applications, hardware changes, and adjustments for growth. By testing your plan you can discover issues and correct them so your recovery is successful when you really need it.