Does your Small or Medium Business have a contingency plan in place?
The National Institute of Standards and Technology (NIST) just released a Draft Contingency Planning Guide for Federal Information Systems.
Why is this relevant to SMBs?
Many SMBs have not taken the time to prepare and test a contingency plan. SMBs are typically much more vulnerable to the unexpected temporary or permanent loss of key leaders or staff members because these individuals often perform multiple vital roles and have smaller teams to back them up. If a key person is suddenly unavailable, operations can suffer greatly. In today’s economic climate, that could spell disaster.
The same can be said for vital information systems, where often the SMB will have less redundancy and resiliency, but sometimes even greater reliance on the system than a larger organization.
The NIST guide is free. While it is a lengthy document (150 pages), a quick overview should reveal several sections that are pertinent to your organization. Even the table of contents provides a good checklist for the things that your organization should address in a written contingency plan. For example, the following topics (and others) are covered:
- Business Continuity Plan (BCP)
- Continuity of Operations (COOP) Plan
- Crisis Communications Plan
- Critical Infrastructure Protection (CIP) Plan
- Cyber Incident Response Plan
- Disaster Recovery Plan (DRP)
- Information System Contingency Plan (ISCP)
- Occupant Emergency Plan (OEP)
Compliance with this guide may even be required if your organization does business with the Federal government or if it has plans to do so in the future.
In any case, the document is worth at least a quick review, just to see how your organization compares to the Draft Guide.
You can obtain the guide directly from NIST at http://csrc.nist.gov/publications/PubsDrafts.html#800-34-Rev1
What are your thoughts?
Do you have a contingency plan in place? Are you willing to share your best practices? Do you have questions about the preparation of effective SMB contingency plans?
If so, please leave a comment below.