A contingency plan is a management instrument for the management of Information and Communications Technologies in the domain of support and performance (delivery and support, see ITIL).

This plan contains the technical, human and organizational measures necessary to guarantee the continuity of the business and operations of a company or organization. A contingency plan is a particular case of a business continuity plan applied to the IT or technology department. Other departments may have continuity plans that pursue the same objective from another point of view. However, given the importance of technologies in modern organizations, the contingency plan is the most relevant.

The backup plan is used to bring one or more damaged computers to full performance.

The contingency plan follows the well-known PDCA iterative life cycle (plan-do-check-act, that is, plan-do-check-act). It is born from a risk analysis where, among many threats, those that affect business continuity are identified.

On this basis, the most appropriate countermeasures are selected among different alternatives,

being reflected in the contingency plan along with the necessary resources to implement it.

The plan must be reviewed periodically. Generally, the review will be a consequence of a new risk analysis.

In any case, the contingency plan is always questioned when a threat materializes, acting as follows:

The contingency plan includes three subplans. Each plan determines the necessary countermeasures at each moment in time regarding the materialization of any threat:

On the other hand, the contingency plan should not be limited to these organizational measures. You must also clearly express:

This example is by no means exhaustive. Let's assume a small company that is dedicated to the production of textile garments. A risk analysis would identify (among other things) the following:.