| VALUE of INFORMATION | | | | plans can be produced quickly based on theoretical |
| To ensure continuity (going concern) we make use | | | | assumptions and expert consultations. While |
| of many resources. The unavailability or impairment | | | | presenting a logical/methodical solution and giving a |
| of some resources will threaten continuity and affect | | | | warm feeling ("WE HAVE A PLAN"), such a plan is |
| our chances of success and sometimes our chances | | | | only worth the paper it is written on. |
| of survival. One of these important/critical resources | | | | A documented plan that is effective is the END |
| is information. | | | | RESULT of a process that adopts practical and |
| We can consider the 'intrinsic" value of information as | | | | tested (proven) solutions. |
| the cost of acquiring, the means for storing, | | | | The method of developing and proving a |
| structuring, maintaining and delivering the information | | | | Contingency Plans must be logical and practical. The |
| (computer systems). | | | | method must answer the needs, be cost effective |
| The "consequential" value of computerized | | | | and provide the vehicle for success. |
| information is the potential loss (revenue, ability to | | | | As opposed to other systems geared to supporting |
| service) if the information was destroyed/corrupted | | | | the business functions, contingency plans are not |
| or could not be delivered on time. | | | | going to improve the profit margin or improve |
| We can buy insurance to cover the loss or inability to | | | | productivity. It involves added costs and human |
| deliver/process information. However, that does not | | | | resources from which direct and tangible benefits |
| replace the loss. | | | | might never be realised. It is, however, a key |
| So, where do we go from here? We need to | | | | component of the overall strategy for protecting |
| protect against the loss of information and | | | | assets and ensuring business continuity and survival. |
| information systems and implement measures to | | | | CONTINGENCY PLANS - Developing and |
| recover the information and the systems. We cannot | | | | Implementing the PlanThe definition of an effective |
| devise and implement effective measures based on | | | | plan: |
| theoretical assumptions or guesswork or gut feel. | | | | A good Contingency Plan is a comprehensive and |
| How much is too much? How much is not enough? | | | | consistent statement of actions, tasks, dependencies |
| Our first step is the Risk Analysis where: | | | | and milestones along with resources required to |
| - We establish the "intrinsic" and "consequential" | | | | accomplish a required level of recovery for given |
| values. | | | | functions at given locations within given time frames. |
| - We identify the threats and the risks. | | | | The key words or sentences to be extracted from |
| - We remove the threats and minimize the risks | | | | this definition are: ACTIONS/TASKS, DEPENDENCIES, |
| where possible. | | | | RESOURCES, LEVEL OF RECOVERY, FUNCTIONS, |
| Our next step is to devise and implement | | | | LOCATIONS and TIME FRAMES. A good plan should |
| contingency measures to address scenarios where | | | | address all these key words or sentences. A good |
| the preventative measures have failed. With a good | | | | plan should be detailed but to the point. It should |
| Risk Analysis we have removed the theoretical | | | | exclude any lengthy policies and theoretical |
| assumptions and have a much better measure of | | | | information. It is primarily an action plan giving very |
| how much to invest in our contingency plans. | | | | specific instructions. |
| CONTINGENCY PLANS and CONTINUITYContingency | | | | |