contingency planning in business examples

• Product overview
• All features
• App integrations

CAPABILITIES

• project icon Project management
• Project views
• Custom fields
• Status updates
• goal icon Goals and reporting
• Reporting dashboards
• workflow icon Workflows and automation
• portfolio icon Resource management
• Time tracking
• my-task icon Admin and security
• Admin console
• asana-intelligence icon Asana AI
• list icon Personal
• premium icon Starter
• briefcase icon Advanced
• Goal management
• Organizational planning
• Campaign management
• Creative production
• Content calendars
• Marketing strategic planning
• Resource planning
• Project intake
• Product launches
• Employee onboarding
• View all uses arrow-right icon
• Project plans
• Team goals & objectives
• Team continuity
• Meeting agenda
• View all templates arrow-right icon
• Work management resources Discover best practices, watch webinars, get insights
• What's new Learn about the latest and greatest from Asana
• Customer stories See how the world's best organizations drive work innovation with Asana
• Help Center Get lots of tips, tricks, and advice to get the most from Asana
• Asana Academy Sign up for interactive courses and webinars to learn Asana
• Developers Learn more about building apps on the Asana platform
• Community programs Connect with and learn from Asana customers around the world
• Events Find out about upcoming events near you
• Partners Learn more about our partner programs
• Support Need help? Contact the Asana support team
• Asana for nonprofits Get more information on our nonprofit discount program, and apply.

Featured Reads

• Business strategy |
• What is a contingency plan? A guide to ...

What is a contingency plan? A guide to contingency planning

A business contingency plan is a backup strategy for your team or organization. It lays out how you’ll respond if unforeseen events knock your plans off track—like how you’ll pivot if you lose a key client, or what you’ll do if your software service goes down for more than three hours. Get step-by-step instructions to create an effective contingency plan, so if the unexpected happens, your team can spring into action and get things back on track.

No one wants Plan A to fail—but having a strong plan B in place is the best way to be prepared for any situation. With a solid backup plan, you can effectively respond to unforeseen events effectively and get back on track as quickly as possible. 

A contingency plan is a proactive strategy to help you address negative developments and ensure business continuity. In this article, learn how to create a contingency plan for unexpected events and build recovery strategies to ensure your business remains healthy.

What is contingency planning?

What is a contingency plan .

A contingency plan is a strategy for how your organization will respond to important or business-critical events that knock your original plans off track. Executed correctly, a business contingency plan can mitigate risk and help you get back to business as usual—as quickly as possible. 

You might be familiar with contingency plans to respond to natural disasters—businesses and governments typically create contingency plans for disaster recovery after floods, earthquakes, or tornadoes. 

But contingency plans are just as important for business risks. For example, you might create a contingency plan outlining what you will do if your primary competitors merge or how you’ll pivot if you lose a key client. You could even create a contingency plan for smaller occurrences that would have a big impact—like your software service going down for more than three hours.

Contingency planning vs risk management

Project risk management is the process of identifying, monitoring, and addressing project-level risks. Apply project risk management at the beginning of the project planning process to prepare for any risks that might come up. To do so, create a risk register to identify and monitor potential project risks. If a risk does happen, you can use your risk register to proactively target that risk and resolve it as quickly as possible. 

A contingency plan is similar to a project risk management plan or a crisis management plan because it also helps you identify and resolve risks. However, a business contingency plan should cover risks that span multiple projects or even risks that could affect multiple departments. To create a contingency plan, identify and prepare for large, business-level risks.

Contingency planning vs crisis management

Contingency planning is a proactive approach that prepares organizations for potential emergencies by implementing pre-planned risk mitigation strategies. It involves identifying threats and crafting strategies in advance. 

Crisis management , on the other hand, is reactive, focusing on immediate response and damage control when a crisis occurs. While contingency planning sets the stage for effective handling of emergencies, crisis management involves real-time decision-making and project management during an actual crisis. Both are important for organizations and businesses to maintain their stability and resilience.

Contingency plan examples

There are a variety of reasons you’d want to set up a contingency plan. Rather than building one contingency plan, you should build one plan for each type of large-scale risk or disaster that might strike. 

Business contingency plan

A business contingency plan is a specialized strategy that organizations develop to respond to particular, unforeseen events that threaten to disrupt regular operations. It's kind of like a business continuity plan, but there's one key difference. 

While business continuity plans aim to ensure the uninterrupted operation of the entire business during a crisis, a business contingency plan zeroes in on procedures and solutions for specific critical incidents, such as data breaches, supply chain interruptions, or key staff unavailability. 

A business contingency plan could include:

Strategies to ensure minimal operational disruption during crises, such as unexpected market shifts, regulatory compliance changes, or severe staff shortages.

Partnerships with external agencies that can provide support in scenarios like environmental hazards or public health emergencies.

A comprehensive communication strategy with internal and external stakeholders to provide clear, timely information flow during crises like brand reputation threats or legal challenges.

Environmental contingency plan

While severe earthquakes aren’t particularly common, being unprepared when “the big one” strikes could prove to be catastrophic. This is why governments and businesses in regions prone to earthquakes create preparedness initiatives and contingency plans.

A government contingency plan for an earthquake could include things like: 

The names and information of the people designated to handle certain tasks in advance to ensure the emergency response is quick and concise

Ways to educate the public on how to respond when an earthquake hits

A timeline for emergency responders.

Technology contingency plan

If your business is particularly data-heavy, for example, ensuring the safety and cybersecurity of your information systems is critical. Whether a power surge damages your servers or a hacker attempts to infiltrate your network, you’ll want to have an emergency response in place.

A business’s contingency plan for a data breach could involve: 

Steps to take and key team members to notify in order to get data adequately secured once more

The names and information of stakeholders to contact to discuss the impact of the data breach and the plan to protect their investment

A timeline to document what is being done to address the breach and what will need to be done to prevent data breaches in the future

Supply chain contingency plan

Businesses that are integral parts of the supply chain, such as manufacturing entities, retail companies, and logistics providers, need an effective supply chain contingency plan to continue functioning smoothly under unforeseen circumstances.

These plans hedge against supply chain disruptions caused by events like natural disasters or technological outages and help organizations reduce downtime and ensure real-time operational capabilities. 

A supply chain contingency plan could include:

Secure critical data and systems while promptly notifying key team members, such as IT staff and management, for immediate action.

A predetermined list of essential stakeholders, including suppliers, customers, investors, and authorities, should be contacted to inform them about the disruption and steps being taken.

A detailed timeline is essential for documenting the immediate response and outlining long-term strategies to prevent future disruptions in the supply chain.

Pandemic contingency plan

In the face of a global health crisis, a pandemic contingency plan is vital for organizations in healthcare, retail, and manufacturing. This plan focuses on mitigation strategies to minimize operational disruptions and ensure the safety of employees while maintaining business continuity. 

A pandemic response plan could include:

A comprehensive health and safety protocol for employees, which integrates regular health screenings, detailed risk analysis, and emergency medical support as key components.

Flexible work arrangements and protocols for remote operations and digital communication.

A list of key personnel and communication channels for immediate response and coordination.

Regularly reviewing and adapting the pandemic contingency plan as part of an ongoing disaster recovery plan to address evolving challenges and lessons learned.

How to create a contingency plan

You can create a contingency plan at various levels of your organization. For example, if you're a team lead, you could create a contingency plan for your team or department. Alternatively, company executives should create business contingency plans for situations that could impact the entire organization. 

As you create your contingency plan, make sure you evaluate the likelihood and severity of each risk. Then, once you’ve created your plan—or plans—get it approved by your manager or department head. That way, if a negative event does occur, your team can leap to action and quickly resolve the risk without having to wait for approvals.

1. Make a list of risks

Before you can resolve risks, you first need to identify them. Start by making a list of any and all risks that might impact your company. Remember: there are different levels of contingency planning—you could be planning at the business, department, or program level. Make sure your contingency plans are aligned with the scope and magnitude of the risks you’re responsible for addressing. 

A contingency plan is a large-scale effort, so hold a brainstorming session with relevant stakeholders to identify and discuss potential risks. If you aren’t sure who should be included in your brainstorming session, create a stakeholder analysis map to identify who should be involved.

2. Weigh risks based on severity and likelihood

You don’t need to create a contingency plan for every risk you lay out. Once you outline risks and potential threats, work with your stakeholders to identify the potential impact of each risk. 

Evaluate each risk based on two metrics: the severity of the impact if the risk were to happen and the likelihood of the risk occurring. During the risk assessment phase, assign each risk a severity and likelihood—we recommend using high, medium, and low. 

3. Identify important risks

Once you’ve assigned severity and likelihood to each risk, it’s up to you and your stakeholders to decide which risks are most important to address. For example, you should definitely create a contingency plan for a risk that’s high likelihood and high severity, whereas you probably don’t need to create a contingency plan for a risk that’s low likelihood and low severity. 

You and your stakeholders should decide where to draw the line.

4. Conduct a business impact analysis

A business impact analysis (BIA) is a deep dive into your operations to identify exactly which systems keep your operations ticking. A BIA will help you predict what impact a specific risk could have on your business and, in turn, the response you and your team should take if that risk were to occur. 

Understanding the severity and likelihood of each risk will help you determine exactly how you will need to proceed to minimize the impact of the threat to your business. 

For example, what are you going to do about risks that have low severity but high likelihood? What about risks that are high in severity, but relatively low in likelihood? 

Determining exactly what makes your business tick will help you create a contingency plan for every risk, no matter the likelihood or severity.  

5. Create contingency plans for the biggest risks

Create a contingency plan for each risk you’ve identified as important. As part of that contingency plan, describe the risk and brainstorm what your team will do if the risk comes to pass. Each plan should include all of the steps you need to take to return to business as usual.

Your contingency plan should include information about:

The triggers that will set this plan into motion

The immediate response

Who should be involved and informed?

Key responsibilities, including a RACI chart if necessary

The timeline of your response (i.e. immediate things to do vs. longer-term things to do)

For example, let’s say you’ve identified a potential staff shortage as a likely and severe risk. This would significantly impact normal operations, so you want to create a contingency plan to prepare for it. Each person on your team has a very particular skill set, and it would be difficult to manage team responsibilities if more than one person left at the same time. Your contingency plan might include who can cover certain projects or processes while you hire a backfill, or how to improve team documentation to prevent siloed skillsets. 

6. Get approval for contingency plans

Make sure relevant company leaders know about the plan and agree with your course of action. This is especially relevant if you’re creating team- or department-level plans. By creating a contingency plan, you’re empowering your team to respond quickly to a risk, but you want to make sure that course of action is the right one. Plus, pre-approval will allow you to set the plan in motion with confidence—knowing you’re on the right track—and without having to ask for approvals beforehand.

7. Share your contingency plans

Once you’ve created your contingency plans, share them with the right people. Make sure everyone knows what you’ll do, so if and when the time comes, you can act as quickly and seamlessly as possible. Keep your contingency plans in a central source of truth so everyone can easily access them if necessary.

Creating a project in a work management platform is a great way of distributing the plan and ensuring everyone has a step-by-step guide for how to enact it.

8. Monitor contingency plans

Review your contingency plan frequently to make sure it’s still accurate. Take into account new risks or new opportunities, like new hires or a changing business landscape. If a new executive leader joins the team, make sure to surface the contingency plan for their review as well. 

9. Create new contingency plans (if necessary)

It’s great if you’ve created contingency plans for all the risks you found, but make sure you’re constantly monitoring for new risks. If you discover a new risk, and it has a high enough severity or likelihood, create a new contingency plan for that risk. Likewise, you may look back on your plans and realize that some of the scenarios you once worried about aren’t likely to happen or, if they do, they won’t impact your team as much.

Common contingency planning pitfalls—and how to avoid them

A contingency plan is a powerful tool to help you get back to normal business functions quickly. To ensure your contingency planning process is as smooth as possible, watch out for common pitfalls, like: 

Lack of buy-in

It takes a lot of work to create a contingency plan, so before you get started, ensure you have support from executive stakeholders. As you create your plan, continuously check in with your sponsors to ensure you’ve addressed key risks and that your action plan is solid. By doing so, you can ensure your stakeholders see your contingency plan as something they can get behind.

Bias against “Plan B” thinking

Some company cultures don’t like to think of Plan B—they like to throw everything they have at Plan A and hope it works. But thinking this way can actually expose your team to more risks than if you proactively create a Plan B.

Think of it like checking the weather before going sailing so you don’t accidentally get caught in a storm. Nine times out of ten, a clear sunny day won’t suddenly turn stormy, but it’s always better to be prepared. Creating a contingency plan can help you ensure that, if a negative event does occur, your company will be ready to face it and bounce back as quickly as possible. 

One-and-done contingency plans

It takes a lot of work to put a contingency plan together. Sometimes when you’ve finished, it can be tempting to consider it a job well done and forget about it. But make sure you schedule regular reminders (maybe once or twice a year) to review and update your contingency plan if necessary. If new risks pop up, or if your business operations change, updating your contingency plan can ensure you have the best response to negative events.  

You’ve created a contingency plan—now what?

A contingency plan can be a lot of work to create, but if you ever need to use it, you’ll be glad you made one. In addition to creating a strong contingency plan, make sure you keep your plan up-to-date.

Being proactive can help you mitigate risks before they happen—so make sure to communicate your contingency plan to the team members who will be responsible for carrying them out if a risk does happen. Don’t leave your contingency plan in a document to collect dust—after creating it, you should use it if need be!

Once you’ve created the plan, make sure you store it in a central location that everyone can access, like a work management platform . If it does come time to use one of your contingency plans, storing them in a centrally accessible location can help your team quickly turn plans into action.

Related resources

How Asana streamlines strategic planning with work management

How to create a CRM strategy: 6 steps (with examples)

What is management by objectives (MBO)?

Write better AI prompts: A 4-sentence framework

What Is Contingency Planning? [+ Examples]

Published: January 13, 2023

The COVID-19 pandemic has shown, more than ever, the importance of being prepared with a contingency plan for the unexpected, especially when it comes to business continuity.

While some unexpected interruptions can be due to situations outside of your control, some issues arise that may be caused by internal errors. Unexpected problems can also be positive, like a sudden influx of interest in a new product.

Regardless of the scenario, it's essential to prepare for everything, and contingency planning helps you do so. This post will explain what contingency planning is, outline the steps you can follow to create your own plan, and give examples that you can use for inspiration.

• Contingency Planning
• Business Contingency Plan
• Making a Contingency Plan
• Contingency Plan Timeline
• Contingency Plan Example

Contingency Plan Definition

What is a contingency plan? Simply put, a contingency plan is an action plan designed to help organizations respond to a potential future incident. Think of it as a backup plan, or plan B to guide organizations through a worst-case scenario.

Contingency plans are helpful for all types of organizations, from businesses to non-profits, to government organizations. While these scenarios may never come to fruition, it’s important to have a plan in place so that your team isn’t panicking or scrambling to deal with an unfavorable event at the last minute.

What is contingency planning?

Contingency planning is a proactive process of creating a strategy to help you prepare for any scenario that can affect your business, regardless of the likelihood of its occurrence.

These plans shouldn't focus solely on situations that may harm your business. For example, you may experience a significant increase in revenue during a specific period due to changes in market behavior. This is a good scenario, but you will still need to adapt your operations to scale and appropriately meet the new demands of your growing audience.

Contingency Planning vs. Crisis Management

Contingency planning is also different from crisis management , as it is not a reaction to something that has already happened but more so a plan for if and when something may happen. However, a contingency plan can help you with crisis management when issues arise.

Contingency Planning vs. Risk Management

Risk management is the identification, mitigation, and assessment of potential risks that may affect your organization. This process helps an organization prevent losses before they occur and aids in assessing whether or not certain risks are worth taking. Contingency planning can be a component of risk management since that process helps organizations survive these potential risks.

To ensure your business is prepared for everything, it's crucial to understand how to create a contingency plan.

What is a business contingency plan?

A business contingency plan is a strategy that outlines the steps your business’ teams will take in the event of a crisis occurring. It is essentially the backup plan that goes into action when the worst-case scenario occurs. The goal of your contingency plan is to help your business stay up and running after an issue arises.

Business Continuity Plan vs. Contingency Plan

Although their names vary by few letters, business continuity and contingency plans are different concepts. Continuity is the ability of your business to continue functioning after an incident that has disrupted operations occurs. A contingency plan is an action plan that goes into place if an incident were to happen.

Contingency plans can significantly impact whether your business can achieve continuity. Being able to react and take action during a crisis can dictate whether or not your business can emerge from the other side and continue normal business operations.

You can think of it like this: your continuity plans contain five sections: program administration, governance, business impact analysis, strategies and requirements, and training and testing. If your business also uses contingency plans, it could be part of the strategies and requirements section, which dictates how your business will respond to a crisis if it occurs.

Contingency Planning: How to Make a Business Contingency Plan

Creating a contingency plan is responding to the question of "What if?"

What if your storefront floods? Or what if your supplier goes out of business? The responses to the what-ifs are contingency plans. These scenarios aren't necessarily going to happen, but if there is a possibility that they'll affect your business, you're prepared if they do.

Below we'll discuss the steps that go into contingency planning.

Contingency Planning in 7 Steps

1. identify critical business functions..

This first step is the most important aspect of your planning, as it sets the tone for why your plans need to exist in the first place.

During this phase, identify all critical areas essential to keeping your business up and running every day. As these operations are imperative to success, you need to have plans to ensure that these operations continue, regardless of whatever scenarios arise.

You can think of it like this: these critical areas keep your business up and running on a day-to-day basis. Other areas are important, but these are the main functions that keep you afloat. Given this, you want to be prepared for anything and everything that may happen that can affect the critical areas, whether positive or negative. Contingency planning is exactly that.

Identifying these areas helps you move on to the next step as you begin brainstorming possible scenarios that can impact them.

2. Conduct a scenario assessment.

Once you've identified the critical operations of your business, you'll want to conduct a scenario assessment to identify situations that will affect these functions and put stress on your day-to-day operations.

For example, if your business operates out of a storefront, keeping your storefront up and running is a critical area of your business's success. Maybe you launch a new product that attracts more interest than you thought, and you need to deal with higher in-store traffic and a lack of products to satisfy the market. While it is a positive situation that will draw in more revenue, it can still have negative repercussions for your business if you don't deal with it when it happens.

You can think of this stage as similar to a risk assessment, but the possibilities are positive and negative. It may be helpful to meet with people who work in these critical areas and understand what they think may cause interruptions to their job duties and barriers to their success. Ask them how they feel situations will impact them and how they would deal with each scenario.

If you come up with a long list of threats, you can prioritize them based on their likelihood of occurring and how significant their impact would be on your business.

3. Create contingency plans for each scenario.

During this phase, you'll create contingency plans. Begin with the highest priority "threats," or those most likely to occur and most likely to cause significant stress to your business.

Outline the scenarios, people to inform, and the roles and responsibilities involved parties will have when they respond. We'll go over an example below, but a helpful template to follow can be:

• Outlining the scenario,
• Determine the probability of it occurring,
• Explain how you'll prepare ahead of time,
• Detail what the response will be if and when it happens.

Once you've created your plans, distribute them to key stakeholders in each scenario, so everyone understands what they are responsible for and can prepare ahead of time.

4. Get your plan approved.

Once you’ve come up with a desired plan of action, it’s time to get approval from stakeholders and management. If you’re creating both department-level and company-wide plans, this is especially important. Your plan won’t be a success unless there is buy-in from key members of your team and management. Once all parties agree that the course of action described in the contingency plan works for everyone, you can move forward with confidence.

5. Share the plan with your team.

Once your plan is approved, it’s time to distribute it. Putting it in a shared folder accessible to everyone creates transparency and makes it readily available if the time comes.

Make sure the parties involved know what they’re responsible for in the plan, that way you can execute the plan seamlessly should the worst-case scenario occur.

6. Test your plans.

As with all plans, it's essential to continuously test (more on that in the next section) and update them over time. As businesses scale and change, your business needs will likely change, and specific scenarios will no longer have as significant of an impact. There may also be new scenarios to plan for that you hadn't anticipated or thought of when you were a smaller operation.

It can be helpful to create a timeline that you'll use to spend dedicated periods reviewing your plans, testing them, and communicating with the necessary stakeholders about any changes you've made to the plans.

7. Update your plan as needed.

Consider your contingency plan a work in progress. You’ll need to adapt it as new risks arise and to ensure it still makes sense for your business needs. Whenever a new manager or executive joins the team, be sure to share it with them as needed so they know what (if anything) is expected of them.

Contingency Planning Timeline

As planning is always an involved process, you may be wondering how much time you should devote to each step. Let's discuss a timeline below.

Week One: Identify Key Operations

Give yourself about a week to identify the operational areas essential for business function. You likely already know what these areas are, but you want to do enough research to identify them all.

Weeks Two & Three: Brainstorm Scenarios

Take two to three weeks to brainstorm the scenarios you're going to create plans for. Spend as much time as possible speaking to the necessary stakeholders to understand their ideas about the scenarios and how they'd like them dealt with. You'll want to conduct probability assessments and market research to understand if your competitors have ever dealt with something similar. You want to make sure you have all the necessary information before drafting your plan, so this step should be the longest.

Week Four: Draft Plan

Give yourself a week to draft your plans. The first two steps should give you all the information you need, so the third step is simply fine-tuning your research and creating the final plan. You can also share what you've created with your stakeholders and iterate on what you have based on their feedback.

The final step to creating your plan, maintaining and testing, is a continuous effort. As mentioned above, your business will likely be impacted by different things at different times, so it's always important to review plans and ensure they still relate to your needs. For example, maybe you plan to do quarterly reviews and training so new hires, and existing employees, are all on the same page.

Contingency Planning Example

It may be helpful to have an example of a contingency plan, so we'll go over one below. The examples are of a positive and negative situation, so you can get a sense of how a plan applies to both.

Contingency Planning Mistakes to Avoid

Even with the best intentions, your contingency plan may get off to a rocky start. Here are some common mistakes to avoid when creating one of your own.

Not securing executive buy-in first.

Before you can get your team or department onboard, you must get buy-in from the executive team. Otherwise, you risk creating a doomed plan from the start.

Get their feedback on potential risks and other factors that may impact guidelines in the plan. Having executive support from the start ensures the plan put forth is approved and also can motivate those at the department level to buy-in as well.

Failure to cover multiple scenarios.

When assessing potential risks and scenarios, it’s important not to cut corners or slack. Scenario planning is key to your contingency plan’s success. All potential risks should be taken into account. You can rank them by likelihood, but you should by no means leave less likely events out. Otherwise, you leave yourself vulnerable should the event happen.

Think about how many businesses were affected by supply chain issues during the pandemic. Most probably never predicted such a catastrophe, but the ones that had a plan in place for such an obstacle were better prepared.

Set it and forget it.

It’s really easy to get comfortable once your contingency plan is in place — after all, if you did your due diligence from the start, you’re ready to tackle any obstacle thrown your way.

Unfortunately, it’s not a one-and-done process. A contingency plan should be looked at as a living document and updated as needed. Your business needs will change over time and so will its obstacles and risks.

Create Business Contingency Plan

All in all, contingency plans help you prepare for a host of what-if scenarios, whether they happen or not. As you never want to be caught in a challenging situation, being prepared is the best thing you can do to ensure your business continues to succeed, regardless of whatever happens along the way.

As the saying goes, better safe than sorry .

Editor's note: This post was originally published in November 2021 and has been updated for comprehensiveness.

Don't forget to share this post!

Related articles.

How to Navigate Customer Service During a Business Closure

10 Crisis Communication Plan Examples (and How to Write Your Own)

I Tried 7 Crisis Management Software to See if They’re Worth It (Results & Recommendations)

20 Crisis Management Quotes Every PR Team Should Live By

Social Media Crisis Management: Your Complete Guide [Free Template]

De-Escalation Techniques: 19 Best Ways to De-Escalate [Top Tips + Data]

Situational Crisis Communication Theory and How It Helps a Business

What Southwest’s Travel Disruption Taught Us About Customer Service

Showcasing Your Crisis Management Skills on Your Resume

What Is A Business Continuity Plan? [+ Template & Examples]

Use this contingency plan template to communicate risk, prevention, and mitigation measures in your company.

Service Hub provides everything you need to delight and retain customers while supporting the success of your whole front office

What Is A Contingency Plan & How Do You Create One?

Updated: Jun 15, 2024, 12:20pm

Table of Contents

What is a contingency plan, benefits of contingency planning, 3 contingency plan examples, how to create a contingency plan in 7 steps, bottom line, frequently asked questions (faqs).

Many companies take the time to create a business plan and then follow it. This is touted as a way to achieve your goals successfully. However, unexpected incidents can derail the plan’s progress. This is why a contingency plan is so important. Learn what a contingency plan is and how to go about creating one for your company.

A contingency plan is a “plan B” that helps a business address specific situations or incidents that may or may not be out of its control. A contingency plan is the way that your team should react if there is something that interrupts the normal course of business. Contingency plans are often found as part of emergency planning, disaster recovery and risk management. It’s important to know how you want to proceed when the situation prevents you from running things as business as usual.

Contingency Planning vs. Crisis Management

Contingency planning is the process of creating a backup plan or several possible plans. This differs from crisis management, which is the actual response to a crisis. The actual response often utilizes one of the contingency plans created but addresses the incident in real time.

Contingency Planning vs. Risk Management

Contingency planning and risk management are closely related but different processes. Contingency planning addresses the “what if” situations and develops a plan that will work around those situations. Risk management is a proactive approach that companies use to prevent loss or disasters. So rather than being reactive like a contingency plan, a risk management plan looks to stop adverse events from happening in the first place.

Businesses need to be agile to remain successful in a variety of market and work conditions. Here are some benefits of contingency planning that you should consider:

• Saves time: Management is not stopping to develop a plan. All they need to do is assess the situation and implement the contingency plan.
• Saves money: Downtime for a business is costly. Contingency plans limit the costs of being forced on the sideline.
• Quick recovery time: Contingency plans redirect everyone so what they are doing is productive despite the adverse incident.
• Minimizes damages: A contingency plan can reduce the effects of a disastrous situation that would otherwise lead to massive damages to the business’s property and equipment.
• Avoid negative press: When things go wrong, the press can get wind of it, which can be negative publicity for the company. Contingency plans keep the business running with minimal impact on operations.

Let’s look at some examples to illustrate better why contingency plans are necessary and how businesses reacted.

Example 1. A Pandemic Hits

The Covid-19 pandemic forced many businesses to come up with a contingency plan on the fly. Many white-collar jobs were sent home for employees to do their job from the safety of their homes. Other businesses, such as restaurants, had to pivot to expanding their take-out operations and slowly opening up dining experiences.

Example 2. A Supplier Has a Delayed Shipment

Many businesses rely on a supply chain to provide certain materials in order to create and deliver their products. When there is an issue with the supply chain, the business must be prepared to deal with it. This could mean shifting a marketing focus on other products not affected or anticipating delivery delays and notifying customers of the issues and perhaps offering them a promotion for their patience.

Example 3. Majority of Staff Calls In Sick on the Same Day

When a bug is going around, it can be challenging to keep it from affecting your entire staff. If it happens that everyone gets sick on the same day, you need to have a plan in place to address the issue. This could mean having a temporary staffing agency already vetted out for help or having the employees who are on duty do double duty, taking on additional tasks to get the job done.

Creating a contingency plan doesn’t need to be difficult. Follow these seven steps to develop your contingency plan, from creating a policy state and implementing preventive controls to testing and training employees and maintaining your contingency plan.

Here’s how to create a contingency plan in seven steps:

Step 1. Create a Policy Statement

A policy statement is the outline of the authorization that exists to develop a contingency plan. This might be something as simply stating a possible scenario and noting that owners have put this plan in place.

Step 2. Conduct a Business Impact Analysis

This step digs into what would happen if no contingency plan existed. It prioritizes the systems that are imperative to the business functions.

Step 3. Implement Preventative Controls

This step is designed to mitigate any adverse scenario’s impact on the business. The goal is to reduce the costs associated with running the business on a contingency plan basis.

Step 4. Develop Contingency Strategies

These are recovery strategies that help the business ensure that it will recover quickly and efficiently after a disruption occurs. Contingency strategies may be specific to the type of disruption that happens.

Step 5. Write Out the Contingency Plan

This step takes the strategies and writes out an action plan that is designed to overcome the disruption. It is a detailed response that allows the business operation to continue to work.

Step 6. Test and Train Employees

Every contingency plan should be shared with employees well in advance of needing to enact the plan. Employees should be trained on what to do in specific scenarios and help keep the business operations running as smoothly as possible.

Step 7. Maintain the Plan

Keep the plan updated based on current systems and organizational changes. You don’t want to implement the plan and then run into a hiccup because a key employee is no longer with the firm or the system doesn’t allow you to do what you want to do.

You can’t control many disastrous situations that can occur, but you can plan for them. Remember to think about your resources and how you can overcome obstacles to keep your business operations running smoothly after a disaster happens.

What is the purpose of a contingency plan?

A contingency plan exists to deal with unexpected adverse situations, which are often disasters that disrupt your ability to run your business.

What is a good contingency plan?

Good contingency plans address the many possible disasters that may happen. It might address natural disaster scenarios or supply chain issues. A good contingency plan helps you address many different types of disruptions.

What is another term for contingency?

Other terms for contingency planning include crisis management, emergency planning and risk management.

• Best Project Management Software
• Best Construction Project Management Software
• Best Project Portfolio Management Software
• Best Gantt Chart Software
• Best Task Management Software
• Free Project Management Software
• Best Enterprise Project Management Software
• Best Kanban Software
• Best Scrum Software
• Asana Review
• Trello Review
• monday.com Review
• Smartsheet Review
• Wrike Review
• Todoist Review
• Basecamp Review
• Confluence Review
• Airtable Review
• ClickUp Review
• Monday vs. Asana
• Clickup vs. Asana
• Asana vs. Trello
• Asana vs. Jira
• Trello vs. Jira
• Monday vs. Trello
• Clickup vs. Trello
• Asana vs. Wrike
• What Is Project Management
• Project Management Methodologies
• 10 Essential Project Management Skills
• SMART Goals: Ultimate Guide
• What is a Gantt Chart?
• What is a Kanban Board?
• What is a RACI Chart?
• What is Gap Analysis?
• Work Breakdown Structure Guide
• Agile vs. Waterfall Methodology
• What is a Stakeholder Analysis
• What Is An OKR?

Next Up In Business

• Top Asana Alternatives
• Best Scheduling Apps
• monday.com Review : Features, Pros & Cons
• Asana Review : Features, Pricing & More
• Trello Review : Features, Pricing & More
• Monday Vs Clickup

Best West Virginia Registered Agent Services Of 2024

Best Vermont Registered Agent Services Of 2024

Best Rhode Island Registered Agent Services Of 2024

Best Wisconsin Registered Agent Services Of 2024

Best South Dakota Registered Agent Services Of 2024

B2B Marketing In 2024: The Ultimate Guide

Kimberlee Leonard has 22 years of experience as a freelance writer. Her work has been featured on US News and World Report, Business.com and Fit Small Business. She brings practical experience as a business owner and insurance agent to her role as a small business writer.

The Easy Guide to Creating a Business Contingency Plan

Updated on: 2 November 2022

How to avoid disasters? Be prepared for them. 

When things are going well, you often forget to plan for the bad times. But when disaster strikes, you could lose everything in a heartbeat.

An earthquake can bring your whole shop to the ground, your biggest client can choose your competitor over you, your system suddenly can crash making you lose important data etc. There are endless possibilities of disasters if you really think about it. 

That’s why lack of a plan can be a disaster of its own. 

Let’s see why you need a business contingency plan and how to create one in a few simple steps.  

What is a Business Contingency Plan? 

But first, let’s define what a contingency plan is. 

A contingency plan is a proactive strategy that describes the course of actions or steps the management and staff of an organization need to take in response to an event that could happen in the future. It plays a significant role in business continuity , risk management and disaster recovery. 

It helps you stay prepared for unforeseen events and minimize their impact. It also outlines a plan for carrying out the normal business operations after the event has occurred.  

It’s also known in names such as plan B, backup plan, and disaster recovery plan. In case your primary plan doesn’t work, it’s time to execute the plan B.

Benefits of a Contingency Plan 

Without a contingency plan you’re opening yourself to unnecessary risks. Here are some important benefits of a contingency plan that you cannot look away from. 

• Helps react quickly to negative events. As a contingency plan lists the actions that need to be taken, everyone can focus on what to do without wasting time panicking.
• Having a contingency plan in place allows you to minimize damage that could happen from a disaster and minimize the loss of production. For example if you have emergency generators set up, even during a blackout, your team can work seamlessly. 

How to Make a Contingency Plan 

An effective contingency plan is based on good research and brainstorming. Here are the steps you need to follow in a contingency planning process. 

Step 1: List down the key risks

Identify the major events that could have a negative impact on the course of your business and on the key resources, such as employees, machines, IT systems etc. 

Involve other team heads, subject experts, and even outsiders like business consultants to get a deeper understanding of things that may cause problems and jeopardize the direction.

Use a mind map to organize and categorize the information you gather from the brainstorming session with the staff. You can easily share this with everyone in the organization to get their input as well.

Step 2: Prioritize the Risks Based on Their Impact 

Once you have created a list of all the possible risks that could occur in different areas of your business, start prioritizing them based on the threat they pose. 

The risk impact probability chart is a handy tool you can use here. It helps you evaluate and prioritize risks based on the severity of their impact and the probability of them occurring.

Step 3: Create Contingency Plans for Each Event

In this step you’ll create separate plans that outline the actions you need to take in case the risks you identified earlier occur. 

Consider what needs to be done in order to resume normal operations after the impact of  the event. 

Here you’ll need to clarify employee responsibilities, timelines that highlight when things should be done and completed after the event, restoring and communications processes and the steps you need to have taken in advance to prevent losses when the event has taken place (i.e. insurance coverage). 

You can use a visual format here to highlight the course of actions. It would be easier for everyone to comprehend.

Step 4: Share and Maintain the Plan 

Once you have completed the contingency plans , make sure that they are quickly accessible to all employees and stakeholders. 

Review your contingency plans from time to time and update them as needed. And it’s a best practice to inform your employees of the changes as well, as it may include updates to their roles and responsibilities.  

What’s Your Take on Contingency Plans?

That is how you make a detailed contingency plan. List down the major incidents that could harm your business operations, prioritize them based on their impact and probability, create an action plan explaining what you should do in case they occur, and review and update them frequently. 

What is the contingency planning process at your organization? Let us know in the comments section below.

Join over thousands of organizations that use Creately to brainstorm, plan, analyze, and execute their projects successfully.

More Related Articles

Leave a comment Cancel reply

Please enter an answer in digits: one + 6 =

Download our all-new eBook for tips on 50 powerful Business Diagrams for Strategic Planning.

• TemplateLab
• Project management

Contingency Plan Examples

40 detailed contingency plan examples (& free templates).

Good strategies always involve a contingency plan in case the original plan backfires. In some cases, the original plan may not be as successful as you expect which is why you need a contingency plan example to achieve the same goal . We have heard the term “Plan B” before and this in its simplest way, is a contingency plan.

Table of Contents

• 1 Contingency Plan Examples
• 2 What is a contingency plan?
• 3 Contingency Plan Templates
• 4 When to use a contingency plan?
• 5 Using a contingency plan example in risk project management
• 6 Business Contingency Plan Templates
• 7 Steps in contingency planning
• 8 Creating your contingency plan
• 9 Contingency Plan Samples
• 10 The challenges that may come with contingency planning

What is a contingency plan?

The steps taken by an organization when an unexpected situation or event occurs is a contingency plan. A contingency plan example may be positive like when there’s an unexpected surplus in the cash flow. But more often than not, the contingency planning process mostly refers to negative events.

The events which might have a bearing on the organization’s financial health, reputation or on its ability to continue with business operations. Such events may include natural disasters, fire, network failure, and a data breach, to name a few.

Having a contingency plan template helps you make sure that there’s always a continuity in the business. Most of the bigger business organizations have sets of business contingency plan templates for various potential threats. These undergo extensive research and the resulting appropriate responses get subjected to full practice even before the crisis occurs.

You can consider a contingency plan as a proactive approach as compared to crisis management, which is more of a reactive approach. Having a contingency plan ensures that you’re always prepared for any eventuality. Conversely, a plan for crisis management enables you to control the response after the eventuality occurs.

Contingency Plan Templates

When to use a contingency plan?

Also, keep in mind that the design of a contingency plan template is only for risks that can you can identify and not for unknown or unidentified risks. This is for the simple reason that you cannot make a plan if you don’t know the risk.

It’s also worth noting that contingency plans don’t only exist in anticipation should things go wrong but you can also create one to make the most of strategic opportunities.

For instance, you have come to know of a new type of software for training that’s about to get released soon. Should this occur during the project, you can create a contingency plan on how to include this into the training stage of your project .

Using a contingency plan example in risk project management

As mentioned earlier, a contingency plan example responds to a negative event that might affect or tarnish the reputation of an organization or its financial standing. In business, however, a business contingency plan template isn’t always negative. There are cases of positive contingency plans too.

Also, keep in mind that the contingency planning process is a proactive strategy, unlike crisis management which is a reaction to something that has happened. A contingency plan accounts for any disruptive events to ensure that the company is always prepared if and when such events should occur.

Contingency plans are usually part of the risk management department and project managers should know that the plan is simply an outline. However, there are times when the project may extend beyond this. This means that the manager can be more prepared to make changes in the plan if he deems it would be more effective.

Risk management isn’t the same as the contingency planning process. Risk management is more about establishing, assessing, mitigating, avoiding, sharing, transferring, and accepting risks, whereas a contingency plan focuses on developing steps for when a risk occurs. But they share a common aspect. They both describe the steps to take in such an occurrence.

In its simplest form, a contingency plan definition is what you should do when an unexpected event takes place. Simpler still is “What if….?”, then creating an outline of the steps that answer this question.

Business Contingency Plan Templates

Steps in contingency planning

Project management always involves several entry points for risks that you have to consider for a contingency plan example. Here are some risk factors that you should take into account for a contingency plan template:

• The physical aspect where losses can happen caused by damage to facilities, equipment or information because of natural disasters or an accident.
• Technical issues may be a risk factor too, where the system stops functioning as needed for the delivery of the project as scheduled and within the budget.
• Human resources can be another risk too as teams may leave projects, get sick or get terminated.
• In a much larger scale, risk factors beyond the project manager’s control are social and political changes. As an example, you can work with a contract which can drastically change depending on who’s in control. Nothing remains stable with risk factors. Communities can even protest against projects and bring them to a halt.
• There are also liability issues where there are potential threats in the form of compensation plans and legal actions.

Here are the basic steps in the contingency planning process:

• Make it a point to know which resources can you use in the event of an emergency and in which part of the contingency plan you can apply these resources.
• Identify important dates that, if you miss, might negatively affect the plan. For instance, getting approval from committees which rarely meet.
• Know your plan. Check its weaknesses and strengths. Identify slack which you may find.
• Check for any points in the plan where you can apply alternative routes and evaluate each scenario to make your plan more flexible.
• Use your knowledge and experience in discerning patterns in the ebb and flow of the activities in your project to make it more efficient.

Creating your contingency plan

You need a lot of planning and research when creating a contingency plan example. But planning ahead, with each plan makes things easier for you. When creating one for your company, follow these steps:

• Identify your resources and prioritize them Do research throughout the organization so you can identify then prioritize the integral resources in your organization.
• Identify the most significant risks You need to identify any potential threats to the researched resources. If you need to, meet with executives, and employees to get more a holistic picture of how events can affect your resources. To be more precise, bring with you a consultant or a specialist in the identification of risks.
• Draft a contingency plan template Although you may come up with plans for each of the risks individually, it’s recommended to begin with the threats you consider high priority. This refers to the ones which have a high likelihood of occurring and would have the most significant impacts. As time goes by, you may start working toward coming up with plans for the lower-priority risks. When drafting plans for identified risks, start asking yourself about the steps to take so that the organization can go back to normal operations. Take into account factors like employee activity, communications, timelines , and staff responsibilities. Based on these, you can then make a plan for each of the risks.
• Share the plans Make sure that all employees and stakeholders have access to each plan as soon as you’ve completed them and had them approved. You may want to consider using a mobile application for this very important step. This could make the contingency plan together with similar documents directly available to all of the employees through their mobile service. This method also ensures that every employee has easy access to the updated plans for when the need arises.
• Maintain the plans As the organization undergoes changes, make sure that you reflect such changes in your business contingency plan template. There’s also a need to rehearse the plan with stakeholders regularly so that the key players know their roles and responsibilities.

Contingency Plan Samples

The challenges that may come with contingency planning

Managers will always get confronted with challenges that they should consider before and while creating contingency plans. These challenges include:

• Only focusing on “Plan A” By nature, people only want to work on a single solution. This may be the reason why a contingency plan doesn’t get the proper attention it deserves. They all hope “Plan A” succeeds and they think that focusing too much on “Plan B” might potentially be damage their success. As managers, they should stress how important a contingency plan is as it serves as your safeguard to help facilitate success instead of obstructing it. This means that the contingency plan should never get shelved. Instead, you must make it readily accessible.
• A small probability of using the plan Because of the small probability that you will ever use the contingency plan, many believe there’s no urgency in creating one. That means the plan could find itself at the very bottom of the company’s list of tasks if anyone will create it at all. There is a need for this plan for any project, even if the company has to invest a little more in it. When you decide to create a comprehensive contingency plan, you will feel the pay off when you end up needing it.

More Templates

Training Plan Templates

Work Plan Templates

Zero Based Budget Templates

Business Continuity Plan Templates

Behavior Plan Templates

Implementation Plans

Businesses need a plan to get back on track when a disaster interrupts daily operations. Contingency plans, also known as “business continuity plans,” “emergency response plans” and “disaster recovery plans” help organizations recover after a disruption.  

Whether they’re preparing for a global outbreak of a deadly virus, crisis management around a data breach or the loss of an important client, contingency plans help organizations bounce back after a negative event.

Companies create many kinds of recovery strategies for everything, from the merger of key competitors to the insolvency of the bank that processes its employee payroll. In India, the government was busy designing a contingency plan as a drier-than-expected monsoon season approached.¹ Meanwhile, in Hong Kong, a large bank was preparing a plan b in case a host of new sanctions were levied as the result of a recent geopolitical development.²

This guide summarizes what sustainability-forward organizations look for in their ESG software platform to help achieve their goals.

Register for the ebook on ESG reporting frameworks

Here are five steps companies use to create effective business contingency plans.

The contingency planning process begins with a risk assessment to gauge the potential impact of each risk. Typically, business leaders and employees conduct risk analysis.

Team members begin with a brainstorming session where they discuss potential risks, courses of action and the company’s overall preparedness. During this stage, it’s important to be clear about the scope of the project and invite all relevant stakeholders to give input. Companies don’t need to create a risk management plan for every threat they face, just the ones deemed highly likely and with the potential to interrupt business operations.

Effective business impact analysis (BIA) is critical to understanding different business functions and how they will react to unexpected events. For example, while a shortage in micro-processors might be devastating to a part of a business that deals with the manufacture of gaming consoles, it likely has little to no impact on the same company’s HR department.

To assess the urgency of creating an action plan for this specific threat, the company would need to know how much of its revenue was being generated from the part of the business threatened by the microprocessor shortage. If gaming consoles are a high percentage of their revenue, they will put a strong plan in place soon.

A well-developed BIA helps stakeholders assess risk and better understand which parts of their business are most critical to daily operations.

After identifying the risks their company faces, determining the likelihood and severity of each risk and conducting a BIA, business leaders can follow a simple, three-step process to build their backup plan.

Identify the triggers that set their plan into action: For example, if a hurricane is approaching, at what point does the approaching storm trigger the contingency plan? When it’s 50 miles away or a 100? They must make clear decisions so the teams they put in charge of execution know when to start their work.

Design an appropriate response: The threat the business prepared for arrives. Teams must know exactly what’s expected of them so the company can recover quickly. Compile clear, accessible instructions, protocols that are easy to follow and a way for everyone to communicate with each other.

Delegate responsibility clearly and fairly: Like any other initiative, contingency planning requires effective project management to succeed. In the case of an existential threat such as a natural disaster, everyone involved in helping the company recover must know their role and be properly trained to perform it.

For example, in the case of a fire, it wouldn’t be fair to expect employees untrained in firefighting to pick up a hose. However, with the right training, they might conduct headcounts or go floor-to-floor to ensure that other employees have evacuated.

One way to improve workflow among teams when designing a plan is to create a RACI chart . RACI stands for responsible, accountable, consulted and informed and is a widely used process to help teams and individuals delegate responsibility and react to crises in real time.

While it can be hard to justify the importance of putting financial resources into something that might never happen, these past few years have taught us the value of good contingency planning. Think of all the supply chain problems, critical shortages of personal protective equipment and financial havoc wreaked by the pandemic. What would have been different if organizations had had effective contingency plans in place?

Cost and uncertainty are significant barriers when convincing business leaders of the importance of making an investment in contingency planning. Since all costs for contingency plans are estimated—there’s no way of knowing precisely how events will disrupt a business—decision-makers are understandably hesitant.

Different industries have different ways of approaching this problem. In the construction industry, it’s common to set aside 10% of the overall budget of a project for contingencies. Other industries use different methods.

One popular method estimates risks according to a percentage of how likely they are to occur. By this method, if there’s a 25% risk of an event occurring that will result in USD 200,000 in recovery costs, the company must set aside 25%—or USD 50,000—to be in compliance with their contingency plan.

Markets and industries are constantly shifting, so the reality that a contingency plan faces when it is triggered might be different than the one it was created for. For example, after the 9/11 terror attacks, many of the contingency plans that the US government had in place were suddenly irrelevant because they had been prepared decades before.

To avoid a similar disconnect between plans and threats, businesses need to constantly test and reassess the plans they’ve made. For example, IBM’s guidelines mandate that plans should be tested at least once annually and improved upon as necessary. If new risks are discovered and their severity and likelihood is deemed high enough, the old plans might be scrapped altogether.

When businesses are hit with an unexpected disruption, a strong contingency plan gives much-needed structure to the recovery process. Disruptive events cause chaos and decision-makers and employees are often left scrambling to understand what is happening and how best to respond to it. Having a strong plan to turn to can help restore confidence and show the way forward.

Here are a few benefits business leaders who create strong contingency plans can expect:

Businesses that create strong plans recover faster from a disruptive event than businesses that don’t. When a negative event occurs, the faster the business recovers and gets back to business-as-usual, the lower the risk to the company, its customers and its employees.

A good contingency plan minimizes the damage to a company—both reputational and financial. For example, while a data breach will undoubtedly damage a bank’s reputation, as well as its bottom line, how the bank responds will play a critical role in whether its customers decide to continue doing business with it.

Many organizations use a strong contingency plan to show employees and customers that they take preparation seriously. By planning for a wide range of potentially damaging events, business leaders can show investors, customers and workers that they’ve taken the necessary steps to minimize risk.

Many plans focus on natural disasters such as floods, earthquakes or fires. Others deal with data breaches, unexpected network downtime or the loss of a key employee such as a CEO or founder. Here are a few examples of contingency plan templates that deal with broadly different scenarios across a range of industries.

Severity and likelihood of risk: The manufacturers have been following the news in a region where they source specific airplane parts and have deemed the likelihood of disruption there “high.” They initially conduct a search for another supplier but quickly learn that it takes months—even years—to find one. Since the part is necessary for the construction of all their airplanes, they label the severity of this disruption “high” as well.

Trigger: Suppliers make the manufacturer aware that they will soon run out of the needed part due to a disruptive geo-political event in its country of origin.

Response: The manufacturer begins the search for a new supplier of the much-needed part in a more stable country.

Severity and likelihood of risk: The managers of a bank know of a vulnerability in their app that they are working to fix. If the app is hacked and their information systems are compromised, they are likely to lose vital customer data. They rate the likelihood of this event as “high” since, as a financial institution, they are a desirable target.

They also know from watching their competitors face similar situations that the potential for disruption to their business in an event like this is great. They rate the severity of this risk as “high” as well.

Trigger: IT makes the bank’s managers aware that the bank’s app has been hacked and their customers’ data is no longer secure.

Response: The app is immediately shut down and customers are notified that their data has been compromised. They are made aware of the steps that the bank is taking to ensure that they have access to their money and that their personal information is not available to anyone on the dark web. An on-call team of specially trained security experts come in to restore the bank's systems and secure customer information.

Severity and likelihood of risk: The plant’s managers know that severe flooding might spread un-treated water into the city’s streets and public waterways. Both the severity of this risk and its likelihood given the impending storm are deemed “high. ”

Trigger: The hurricane’s path turns toward the city and approaches to less than 100 miles away with wind speeds higher than the threshold rated “safe.” The plant’s contingency plan is put into action.

Response: All necessary workers are recalled to the plant 24/7 and measures are taken to treat as much of the water as possible before the hurricane arrives. According to their plan, whatever is left over will be pumped into holding tanks that are designed to withstand a hurricane. When windspeeds rise to a certain velocity, the plant itself is shut down and all workers evacuated.

Help your business respond quickly to changing conditions with IBM Maximo, an integrated cloud-based solution that harnesses the power of artificial intelligence (AI), Internet of Things (IoT) and advanced analytics to maximize performance and minimize costs and downtime.

Learn more about the process of disaster recovery planning and Disaster-Recovery-as-a-Service.

Discover how global supply chains responded to the COVID-19 pandemic and are developing better ways to balance efficiency and resilience.

See how businesses are leveraging AI and other emerging technologies to maintain business continuity amid disruption and uncertainty.

Unlock the full potential of your enterprise assets with IBM Maximo Application Suite by unifying maintenance, inspection and reliability systems into one platform. It’s an integrated cloud-based solution that harnesses the power of AI, IoT and advanced analytics to maximize asset performance, extend asset lifecycles, minimize operational costs and reduce downtime.

1  “ El Nino contingency plan being readied for farmers and output ” (link resides outside ibm.com), Elara Securities Pvt Ltd., 27 April 2023.

2  “ HKMA has prepared contingency plans in case of severe sanctions ” (link resides outside ibm.com), UBS Global Research and Evidence Lab, 5 May 2022.

• Get started
• Project management
• CRM and Sales
• Work management
• Product development life cycle
• Comparisons
• Construction management
• monday.com updates

A practical guide to creating a contingency plan

The vast majority of failed projects and bankrupt companies had a plan and followed it. So why do these projects and companies end up failing?

Unexpected things happen that companies don’t plan for, and many fail to adapt in time.

The key: having a sound contingency plan. A contingency plan is all about expecting the unexpected and preparing to deal with worst-case scenarios ahead of time. This article will cover why you need a contingency plan, and walk you through step-by-step instructions for creating one. We’ll also provide a contingency planning template you can implement and use on monday.com immediately.

What is a contingency plan?

A contingency plan is a predefined set of actions that you will implement in response to specific future events that put your project or business at risk.

A simple example of a contingency plan is to back up all your website data. That way, if your website gets hacked, it will be easy to restore the data after regaining access and changing passwords.

Without that backup, the team might have to recreate the entire website from memory or build a website from scratch . That’s a significant expense and can mean several extra days (or weeks!) of downtime.

A contingency plan is about managing and lowering risk and setting yourself up for speedy disaster recovery.

What are the two types of contingencies in project management?

There are two types of contingencies that you should plan for: budget contingency & schedule contingency.

• Budget contingency is an additional amount of money that you allocate to your budget, so you can cover extra costs that might come up as the project progresses. If you don’t have a contingency budget, you might run into an unexpected cost that could send you over budget and risk the profit margin of your project.
• Schedule contingency is an additional amount of time that you bake into your project schedule, to allow for any unexpected delays or hiccups in your project progress. Without schedule contingency, you risk running over your project deadlines and disappointing stakeholders.

Contingency plan examples

Here are a few examples of how contingency planning could help save the day, no matter what happens:

Project contingency plan

Imagine that a key team member unexpectedly leaves the project. If you were contingency planning for this scenario, you might outline the following steps you could follow if you lost a key project team member:

• Identify who will take over the tasks of the departing team member, and what tasks still need doing
• Assess if any additional resources will be needed (such as an additional part-time project member from another team)
• Provide training sessions for other team members to ensure they can step in effectively
• Notify any stakeholders about the change and how it will be managed to minimize disruption and offer reassurance.

Business continuity plan

How about if a natural disaster disrupted operations at your primary office location? Could your business cope? With a continuity plan in place, you’ll turn things around quickly:

• Make sure all your employees have access to the necessary tools and systems so that they can work remotely if necessary
• Regularly back up all essential data to the cloud, and have a data recovery plan in place, in the event of loss of the hardware in your primary office
• Identify backup office space or plan for remote work options if the primary location becomes inaccessible
• Define communication channels that you’ll use in the event of a major disruption so that you can reach your employees to provide updates and instructions on how to proceed

Supply chain contingency plan

Do all your logistics depend on a few key suppliers? Then you should have a supply chain contingency plan in place, in case of unexpected production or shipping delays.

• Have more than one supplier for critical components, so this becomes less of a business risk.
• Maintain a buffer stock of your essential components, so that production won’t be held up by supplier delays
• Find a shipping company that offers expedited shipping options in case you have an urgent need
• Update your supplier contract to include penalties for delays and a procedure for resolving any disputes

Why contingency planning is important

Murphy’s Law specifies that anything that can go wrong will go wrong. And any experienced project planner knows how true that is! Contingency planning can make or break your business:

It helps mitigate risk.

Contingency planning helps to identify potential risks and get ahead of them with a proactive plan. That way, even when things go wrong, you can minimize the disruption to operations and reduce your financial losses.

It makes your business more resilient.

Having a contingency plan in place enables you to respond to the unforeseen more effectively, adapt to changing conditions, and recover from setbacks more efficiently.

It keeps you compliant.

In many industries, contingency planning is mandated by regulatory requirements, so you’ll need these plans in place to avoid penalties and maintain good legal standing.

It increases customer trust.

Customers trust businesses that handle disruptions effectively. The ability to respond quickly and effectively when things go wrong will help build your reputation for great customer service.

Looking for a tool to make contingency planning easier? With monday.com, you can store all your contingency plans in a central location, communicate changes with stakeholders, and create automated workflows in response to unexpected events.

What are the characteristics of a good contingency plan?

Your contingency plan should include the following components:

List of risks

Begin by making a thorough identification of potential risks that could realistically occur. Depending on what kind of contingency plan you’re putting together, these could be all the risks that could impact your business, or the risks that could delay or disrupt a specific project or product.

For example, in terms of business-level contingency planning, you could list out:

• Natural disasters
• Technological failures
• Economic downturns
• Supply chain disruptions
• Sudden market changes

Response options

Your plan should then outline various responses that you could choose between, for each risk you’ve identified. These might be:

• Actions to mitigate the risk
• Ways to transfer the risk to another party (e.g. by buying insurance)
• Ways to accept and manage the risk

Plan of action

For each risk and response option, you should then add in a plan of action, including:

• Steps to take
• Who is responsible for each step
• Any resources you’ll need
• Any need to coordinate with other stakeholders or third parties

Communication management protocols

You’ll also want to make sure that you have a plan in place to communicate effectively with all stakeholders, including:

• Who needs to be notified
• The channels you’ll use for communication
• How often you’ll send out updates
• Any useful templates to use for messages

Trigger points

Decide in advance when you’ll activate a specific contingency response. For instance, you might have a particular threshold beyond which you’ll move to a contingency plan — such as the severity level of a natural disaster. You should also define who has the authority to make these decisions, and how the decision will be made (by committee or by chain of command, for instance.)

Testing and review

To keep your plan up to date, you should schedule regular tests and reviews. For instance, for a natural disaster contingency plan, you might want to run a drill once a year, to practice your response procedures and make sure that everything works as it should.

How to create a contingency plan

Let’s cover the basic contingency planning process and detail how to get yours up and running.

1. Map out essential processes.

What processes are essential to your business and safely delivering your product or service to customers?

If you’re a manufacturing company that ships directly to consumers, a simplified process list might look something like this:

• Getting raw materials from suppliers
• Manufacturing process
• Freight and shipping
• Packaging and warehousing
• Last-mile delivery

Looking at this list, you can see how vulnerable it is to natural disasters or even minor human errors.

Create an overview of every crucial process in your organization.

2. Create a list of risks for each process.

Once the process list is created, consider what might disrupt business continuity.

What can go wrong with each of these critical processes?

Let’s look at an example of what could go wrong with “last-mile delivery” …

• The driver can deliver single or multiple packages to the wrong address.
• The package can be damaged during delivery.
• The package could get lost at a distribution center.
• A truck full of packages could be involved in an accident.
• A flood could cripple the road system in a specific area.
• The driver could get delayed because a moose wants to lick salt splatter off the car (seriously, it’s a thing ).

And that’s only a preliminary list. Once you start thinking about it, you’ll realize how many things you rely on to avoid going wrong, even for fundamental processes.

Every business process is vulnerable to some sort of emergency or human error and requires a solid risk management process .

3. Evaluate the potential impact and likelihood of each risk.

Once the risks are identified, it’s essential to determine how they could impact your business.

Are they likely to happen? How large will the impact on your business if they do occur?

Most companies use “qualitative risk assessment” to do this.

PMI uses the following risk exposure assessment table — also called the probability impact matrix — to evaluate … the probability and impact of potential risks.

( Image Source )

First, rate the severity of the impact on a scale from 1–100. Then, multiply with a percentage based on how likely it is to occur.

4. Calculate costs and contingency reserves, and identify issues to mitigate.

The quantitative risk assessment approach is less common — but more practical — to assess the potential cost of each risk.

How much would each risk potentially cost your business? To get a better overview, add these 4 columns to the risk register template :

• Full potential loss from the event
• Expected loss from the event
• Cost of response (post-event)
• Cost of mitigation (pre-event)

This means you can make an educated decision when budgeting contingency reserves into project plans and yearly budgets.

During the risk analysis , estimate the potential costs of the adverse event.

EXAMPLE: if your online store goes down, multiply the average online sales revenue per hour with expected downtime. Make one pessimistic and one realistic estimate.

Your hosting service may also have a flat fee for restoring sites, which would be your response cost. If these costs are unreasonably high and the event is likely, estimate the costs of a mitigation effort. In this case, it could be a firewall and extra procedures, like 2-factor authentication, an important security system , for all employees.

Budget in those costs. An accurate budget is the first part of emergency response and prevention. Without enough cash, your team won’t be able to put any response plans into action.

5. Create a response plan for prioritized events.

Create a response plan for events by exploring the following questions:

• What can be done ahead of time to minimize any adverse effects on the event? For example, backing up data, carrying extra stock, or having more employees on call.
• What can be done immediately after the event to minimize the impact? For example, ordering more from a secondary supplier, rerouting another vehicle, or bringing in on-call staff.

The specifics depend on your company’s unique processes and situation.

6. Share the contingency plan.

A contingency plan only works if it’s used when things go wrong—and that means that everyone in your organization knows to reach for the plan in times of trouble. To make sure that happens:

• Identify who needs to be aware of and involved in contingency planning.
• Choose appropriate communication methods for each stakeholder group. For instance, department heads may need specific meetings to focus on their section of the plan. Key employees might need a training session.
• Create the plan in an accessible, centralized location, such as a monday.com board. That way, everyone involved can access the plan, and you can keep it updated at all times.
• Encourage feedback on the plan, such as running an employee survey to check understanding and seek ideas for changes and improvements.
• Post reminders and updates on your shared internal communication channels.

7. Monitor and review the contingency plan.

If you want your contingency plans to protect your business, you have to keep them up to date. That means you’ll need to schedule regular reviews of the plan to check that it’s still relevant and aligned with your changing business.

Remember to communicate updates or revisions to all relevant stakeholders, and provide opportunities for additional training if needed.

Manage your contingency planning process with monday.com

Having your business contingency plan on paper is an excellent place to start. But it won’t translate to how your entire company will tackle a crisis.

That’s where monday.com comes in. Our flexible digital workspace gives you everything necessary to ensure everyone follows the contingency plan when they need to.

Use our pre-built contingency plan template to get you started 

Make sure that no employee is left clueless during a crisis. Our contingency plan template has everything you need to start the planning process.

With our pre-built template, you can feel confident you’re following best practice contingency planning, so your business will run smoothly even in the case of unexpected events.

Use integrations to notify someone of an event automatically 

With monday.com’s powerful integrations and automations, you can respond to unfavorable events more quickly.

For example, you can immediately create and assign a work item whenever a customer submits a bug report.

This approach helps avoid another potential problem: customer service failing to report bug reports to your development team.

Monitor project status at all times in dashboards to avoid bottlenecks and domino effects.

The best time to start acting is before a catastrophic event that puts your entire project or business at risk.

To do that, your management team needs a clear understanding of the project’s status at all times.

Use the 30,000-foot view every manager needs to avoid predictable project delays and failures and check that project controls are working properly.

Contingency plans are a must-have.

When starting a project or business, most people plan according to the status quo. Unfortunately, that’s a best-case scenario and not helpful in the real world.

A contingency plan helps you prepare for worst-case scenarios and keep your project afloat, should anything go wrong.

• Project risk management

Don’t miss more quality content!

Send this article to someone who’d like it.

A Contingency Planning Guide: How to Future‑proof Your Business

Learn about business contingency plans and why it makes sense to create one now.

We have probably all been in situations where things have not gone as expected. Although no one wants carefully laid plans to go awry, having a Plan B ensures that you’ll be able to weather most unforeseen events. Being prepared for alternative action is especially crucial in a business context where the unexpected can happen at any time.

What is contingency planning?

A contingency plan is a clearly defined course of action that can help any organization deal with potential business risks, ensure business continuity, and then resume normal business operations as quickly as possible.

Why is it important to create contingency plans?

An unfavorable event is generally unlikely to take place. However, as a business owner, having a contingency plan for different scenarios can give you peace of mind that an emergency response is set in place if things do go wrong. With this kind of backup plan, disaster recovery will be a much smoother process, and normal operations can quickly resume.

For example, no one can accurately predict when natural disasters will strike or when global events like the Coronavirus pandemic are going to hit. In the case of the latter, nearly every business faced hardship, regardless of its size or industry, but companies that had contingency plans were able to get back on their feet sooner.

Other than providing guidance during external unexpected events, a contingency plan should also extend to possible internal events, such as data breaches, staffing shortages, software downtime, or declining business relationships.

A contingency plan doesn’t just have to cover a negative event. Ideally, you should also have an action plan in place for growth or improvement situations—for example, if there is a sudden surge in customer requests or you identify a special market opportunity.

What differentiates a contingency plan from other types of risk planning?

Business continuity plan.

A business continuity plan is a temporary solution that ensures your business is able to continue functioning even after operations have been disrupted. For example, if you are suddenly unable to access your office space, a business continuity plan would be to invest in software that would allow your employees to work from home until new premises can be secured.

Alternatively, a contingency plan triggers a course of action in response to a specific incident. For example, a contingency plan for the loss of a huge client would be different from one dealing with an information systems crash.

Disaster recovery plan

While a contingency plan is a proactive strategy, a disaster recovery plan is a reactive one and should be part of any contingency policy to return your company operations back to normal. It can include recovery strategies, such as continued data access and IT infrastructure, so your company operates near the level it did before the disaster took place.

Disaster recovery and business continuity planning are both narrower in scope than a contingency plan. It deals mainly with operational matters in your organization so that you can recover from a disaster as quickly as possible.

Crisis management plan

Like disaster recovery, a crisis management plan is more focused on real-time response following a crisis, compared to the preventive planning needed for a contingency plan. A quick note on how to differentiate disasters from crises—a disaster comes about suddenly, whereas a crisis develops over time (be it quickly or slowly).

It is impossible to be prepared for every eventuality despite your best attempts to make the most thorough recovery strategies. The events that occur might not fit neatly into your contingency plan. In these situations, the only way out is to swiftly modify the contingency plan.

When companies need to think on their feet and adapt to unexpected scenarios, this is where crisis management—the overarching management of emergencies—comes into play.

Risk management plan

Risks are always present in the business world. A risk management plan is similar to a contingency plan because it is also proactive in nature. However, with risk management, you have an action plan to prevent potential crises from taking place, while also reducing the impact of these crises should they happen.

A contingency plan only kicks in either once a certain negative event becomes inevitable or there are enough warning signs to trigger a contingency response.

Pitfalls to avoid when creating your business contingency plan

Not budgeting for your business contingency plan.

A contingency plan has to include a contingency fund, which sets aside a certain amount of resources (e.g., money, people, time) to cover unanticipated costs. It’s a good idea to decide this amount with your team or other stakeholders beforehand to prevent future disputes.

Resist the temptation to cut these funds even in times of a budget crunch. If something does go wrong, you will need to explain to management what happened to your contingency plan.

Not having enough support

Although contingency planning sounds like a good idea, not everyone will agree that it’s necessary. Before you start doing anything, find out how open-minded the stakeholders at your company are. If you cannot identify enough executives who think it’s important, don’t waste your time and effort to create one.

Not updating contingency plans

Contingency plans need to be updated regularly to account for new risks, changes in government policies, and shake-ups in organizational structure. In short, they need to remain current and evergreen. Schedule reminders a couple of times each year to review the existing plan and make changes if necessary.

Your contingency planning process in 10 steps

Step 1: create a contingency planning policy statement.

A contingency plan policy statement is a formal document that outlines the contingency objectives for your organization, such as getting back to normal operations by a certain time. A policy statement also expresses the authority and gives the guidance necessary for stakeholders to create a contingency plan.

Essentially, this should answer the questions “what is contingency planning?” “how should I go about doing this?” and “what can stakeholders expect from a contingency plan?”

Step 2: Carry out a business impact analysis

A business impact analysis (BIA) is used to determine the potential impact, both operational and financial, of a disruptive event in your organization. By doing so, you will be able to recognize the systems, components, and processes that are vital to your business functions, and therefore identify your recovery priorities in the event of an emergency.

Step 3: Conduct a full risk assessment

Every organization has its unique set of potential risks, which can be identified with a risk assessment. Having implemented a BIA, you will now know what your business-critical operations are. To get even more ideas, schedule a brainstorming session with your executive team and/or other stakeholders.

After this, you then need to identify the threats that could harm each of these operations—for example, a technical glitch or a change in business regulations. Once all this data has been collected, put it in a risk register—a risk chart that enables you to track your risks and any information you need to know about them.

Step 4: Classify the key risks to your business

Once you have all your potential risks, it’s time to evaluate how they might impact your organization. Ask yourself the following key questions:

• What is the likelihood that these risks will happen?
• How would these risks impact your business?
• What is the level of severity for each risk?

One way to rank risks is to use a qualitative risk assessment , which orders each risk according to its probability of taking place as well as its potential impact. Another common method is the quantitative risk assessment , which estimates how much each risk might cost your business and ranks the results from most to least costly.

Step 5: Draft contingency plans for prioritized risks

You’ll now start to create a contingency plan for the highest priority risks to your organization, namely those that are most likely to occur and cause the most damage. Outline the actual actions needed to confront a disaster and include preventive controls that can reduce the effects of disruptions.

An example of a modern, detrimental event for most companies would be an information systems breach. Preventive controls for this situation would be to invest in a good-quality antivirus software, make sure your software is regularly updated, create strong passwords, and have files backed up on-premises.

As for the actual plan, these contingency strategies and procedures are usually tailored to the system’s security impact level and recovery requirements.

Step 6: Get buy in from stakeholders

After creating a first draft of your contingency plan, it’s time to get stakeholder approval. Given that contingency plans usually involve employees and management across your company, it will be extremely difficult to implement them without adequate support. Getting approval well in advance also means that plans can be put into action right after an incident occurs.

Step 7: Distribute your contingency plans and make them easily accessible for your entire organization

Contingency plans are usually department-wide or company-wide. By putting them in a shared public folder with a clear document name, you are ensuring that everyone will have easy access to them in case of an emergency.

Step 8: Train your employees

Having laid all the groundwork, you can move on to the execution stage. It’s essential that the parties who have roles in your contingency plan know what their responsibilities are in each risk scenario. Once everyone has been appropriately trained, each of them will be prepared to act quickly in the event of an emergency.

Training should also be given to new employees so they know what contingency planning is, what it entails, and what they might have to prepare to do in the future.

Step 9: Put your contingency plans to the test

In the event of a real disaster, would your contingency plans be effective? There is only one way to find out—and that is through plan testing. Set aside time to run through the procedures for each contingency plan as if each emergency scenario were really taking place.

Not only will this validate the recovery capabilities of each plan, but it will also show if there are any deficiencies or gaps, which can then be improved upon.

Step 10: Continually review and revise your contingency plans

Smart managers know that it is not enough to just create a contingency plan. Plan maintenance is more difficult, and it takes more effort—but that’s what makes it all the more critical. Risk management is an ongoing process, and you need to keep your plan up-to-date when risks or business requirements change.

Ensure your business continuity first, thank us later

Comprehensive contingency planning will make sure that you are prepared to deal with all the risks that come with running a business. Be it natural disasters, workplace accidents, financial instability, malware—these are only the tip of the iceberg of things that can go wrong. But, with a tested contingency plan, you can effectively prepare for whatever may come your way.

• Starting a Business
• Growing a Business
• Small Business Guide
• Business News
• Science & Technology
• Money & Finance
• For Subscribers
• Write for Entrepreneur
• Tips White Papers
• Entrepreneur Store
• United States
• Asia Pacific
• Middle East
• South Africa

Copyright © 2024 Entrepreneur Media, LLC All rights reserved. Entrepreneur® and its related marks are registered trademarks of Entrepreneur Media LLC

Why Having a Contingency Plan Is So Important — and How to Develop an Effective One Let's discuss the importance of contingency planning, what a comprehensive contingency plan should include and how to implement one effectively.

By Greg Davis Edited by Chelsea Brown Apr 27, 2023

Opinions expressed by Entrepreneur contributors are their own.

In today's ever-changing business environment, business owners, entrepreneurs and franchise owners need to be prepared for the unexpected. Contingency planning is a critical component of business growth, enabling organizations to minimize disruptions and recover quickly from unforeseen events.

In this article, we will discuss the importance of contingency planning, the key elements of a comprehensive plan and how to implement a contingency plan effectively. By taking proactive steps to prepare for potential challenges, businesses can build resilience and ensure continued growth and success.

Related: 4 Ways to Prepare Now so Your Business Survives the Unexpected Later

Why contingency planning matters

Disruptions can come in many forms, from natural disasters to cybersecurity breaches, equipment failures or even changes in the competitive landscape. Without proper planning, these events can have a devastating impact on a business's operations, finances and reputation. Contingency planning helps businesses minimize the impact of disruptions, maintain operational continuity and recover more quickly from setbacks. This resilience is crucial for business growth, as it enables organizations to adapt to changing conditions and capitalize on new opportunities.

Elements of a comprehensive contingency plan

Developing an effective contingency plan involves several key steps:

Step 1: Identify potential risks and vulnerabilities

The first step in creating a contingency plan is to identify potential risks and vulnerabilities that could impact your business. This includes both internal and external factors, such as natural disasters , equipment or network failures, supply chain disruptions, cybersecurity breaches, changes in the landscape or the loss of key personnel. By identifying potential threats, businesses can better understand their exposure and develop targeted strategies to address these risks.

Step 2: Develop response strategies

Once potential risks have been identified, businesses should develop response strategies to mitigate the impact of these events. This may involve developing alternative suppliers, establishing backup systems or processes or implementing new security measures. Response strategies should be tailored to the specific risks faced by the business and should take into account factors such as the likelihood of the event occurring, the potential impact on operations and the resources required to implement the strategy.

Step 3: Establish a communication plan

In the event of a disruption, clear communication is essential to ensure that all stakeholders, including employees, customers and suppliers, are aware of the situation and know what steps are being taken to address the issue. A comprehensive communication plan should outline how the information will be shared, who will be responsible for providing updates and what channels will be used to communicate with different stakeholders.

Step 4: Train employees and build awareness

For a contingency plan to be effective, employees need to be aware of the potential risks facing the business and understand their roles and responsibilities in the event of a disruption. This may involve training employees in new processes or procedures, providing guidance on emergency response protocols or conducting regular drills to ensure that all team members are prepared to act quickly and effectively in the event of a crisis.

Step 5: Review and update the plan regularly

As the business environment continues to evolve, it is essential that contingency plans are regularly reviewed and updated to reflect changes in the company's operations, industry dynamics or the broader economic landscape. This may involve conducting periodic risk assessments, updating response strategies or refining communication protocols to ensure that the plan remains relevant and effective.

Related: 5 Reasons Why You Should Create an Emergency Response Program for Your Business

Implementing a contingency plan

With a comprehensive contingency plan in place, businesses can take steps to minimize the impact of disruptions and maintain operational continuity . Key steps in the implementation process include:

Developing an action plan

An action plan should outline the specific steps that will be taken to address each identified risk, including timelines, resources and responsibilities. This plan should be clear, concise and easily accessible to all team members, ensuring that everyone understands their role in the event of a disruption .

Allocating resources

Contingency planning may require the allocation of resources, such as budget, personnel or equipment, to implement response strategies effectively. Businesses should prioritize resources based on the likelihood and potential impact of each identified risk, ensuring that the most critical vulnerabilities are addressed first.

Testing and refining the plan

Once the plan has been developed, it is essential to test its effectiveness through simulation exercises, drills or other means. This will help identify any weaknesses or gaps in the plan and enable the business to refine its strategies accordingly. Regular testing also helps ensure that employees are familiar with the plan and prepared to act in the event of a disruption.

Monitoring the environment and adapting

Contingency planning is an ongoing process that requires businesses to monitor changes in their operating environment and adapt their strategies accordingly. This may involve updating the plan to address new risks, adjusting response strategies in light of changing circumstances, or reallocating resources as needed. By staying attuned to the evolving business landscape, organizations can remain agile and resilient in the face of uncertainty .

Contingency planning is a critical component of business growth, enabling organizations to navigate the unexpected and maintain operational continuity in the face of disruptions. By identifying potential risks, developing targeted response strategies and implementing a comprehensive plan, businesses can build resilience and drive continued success. As the business environment continues to evolve, contingency planning will remain a vital tool for business owners, entrepreneurs and franchise owners seeking to capitalize on new opportunities and protect their organizations from unforeseen challenges .

Related: How to Create a Disaster Plan for Your Business

Entrepreneur Leadership Network® Contributor

CEO of Bigleaf Networks

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick Red Arrow

• Lock The Average American Can't Afford a House in 99% of the U.S. — Here's a State-By-State Breakdown of the Mortgage Rates That Tip the Scale
• Richard Branson Shares His Extremely Active Morning Routine : 'I've Got to Look After Myself'
• Lock This Flexible, AI-Powered Side Hustle Lets a Dad of Four Make $32 an Hour , Plus Tips: 'You Can Make a Substantial Amount of Money'
• Tennis Champion Coco Gauff Reveals the Daily Habits That Help Her Win On and Off the Court — Plus a 'No Brainer' Business Move
• Lock 3 Essential Skills I Learned By Growing My Business From the Ground Up
• 50 Cent Once Sued Taco Bell for $4 Million. Here's How the Fast-Food Giant Got on the Rapper's Bad Side .

Most Popular Red Arrow

Wells fargo analysts tested 75 bowls at chipotle — and the portion sizes were wildly inconsistent.

Zachary Fadem and a team of analysts ordered the same bowl 75 times at eight different NYC restaurants.

Mark Zuckerberg Sounds Off on Developing AI: 'I Don't Think AI Technology Is a Thing That Should Be Hoarded'

Meta's CEO spoke about AI's future during an interview with YouTuber, Kalloway.

Warren Buffett Just Changed Up His Will and Locked Out the Bill & Melinda Gates Foundation

Buffett still donated over nine million Berkshire Hathaway shares to the foundation, but the contributions will only continue during his lifetime.

Swae Lee: From McDonald's to McMillions in Entrepreneurship and Records Sold

This podcast is a fun, entertaining and informative show that will teach you how to succeed and achieve your goals with practical advice and actionable steps given through compelling stories and conversations with Clinton and his guests.

The One Secret Ingredient That Turned This Healthy Chocolate Bar Into a Breakout Success

In a crowded market, Mid-Day Squares has discovered a superpower to help it stand out.

A Buddy's Franchise is Built for Success in a Recession Resistant Industry

Over the past six decades Buddy's has refined a proven operating model and established relational equity with its customers. With best-in-class training, support and service, franchisees have peace of mind knowing that they are being set up for success.

Successfully copied link

The Essentials of Contingency Planning and Estimating Contingency for Any Project

By Kate Eby | April 3, 2023

• Share on Facebook
• Share on LinkedIn

Link copied

Contingency planning helps your project team deal with project risks if they happen. We’ve gathered expert tips on creating effective contingency plans and the best tools to help determine the appropriate amount of contingency for any project. 

Included on this page, you’ll find step-by-step guidance to prepare a contingency plan , the top challenges in preparing and using contingency plans , and information on how to determine the right amount of contingency for a project . In addition, you can find a downloadable project contingency plan template to help get you started.

What Is Contingency Planning in Project Management?

Contingency planning is what your project team does to prepare for specific risks that might happen during a project. A contingency plan might include extra funds, extra staff, or steps to take if a particular issue arises. 

Contingency planning is “surviving disruptions,” says Erika Andresen, a business continuity and resilience expert, author, and Founder of EaaS Consulting . “It’s determining the priorities and making strategic decisions about how and when and where you're going to spend money and time in order to prepare for those things.”

“I consider it to be the ‘what if?’” says Melody Smith, a human resources and information systems consultant and CEO and Principal Consultant with New Jersey-based CAM Consulting Solutions . “I am the ‘what if?’ person. It drives people crazy. What if this happens? It may not; let's hope it doesn't. But it is being prepared to know that something is always going to happen, and because something is going to happen, you want to be able to have a plan of attack on how to address it, as far as making sure you have enough resources.”

What Is Project Contingency?

Project experts usually refer to project contingency as the resources set aside as part of contingency planning. These are extra financial or staff resources or extra project time that your team might need to use if a risk happens.

One form of project contingency is cost contingency . These are extra funds allotted to the project for the team to spend if certain risks happen. Another more common form of project contingency is contingency time . This is extra time built into a project schedule to account for project risks.

Experts say that project contingency, both contingency time and cost contingency, is needed in all but the smallest projects.

What Is Contingency Time in Project Management?

Contingency time is extra time that project leaders build into the overall schedule of a project. The project team can use this extra time to deal with the impacts of certain risks and avoid missed deadlines or contract penalties.

Experts sometimes use other terms that mean the same thing as contingency tim e, such as schedule contingency, time contingency, schedule buffer, schedule margin, and schedule float .

“Very rarely do most projects deliver on time,” says Diane Davidson, Owner of Clever Fox Advisory , a strategic planning consultancy focused on improving finance operations. “Now, I'm not talking years late, but there’s typically at least a week or two-week delay. Something always comes up. Somebody who's very important goes on vacation.”

Davidson says she builds in contingency time on almost all projects. “If we finish early, before using all contingency time, great! We save money on the project,” she says. “But if we don't finish early, then you don't have to worry about me coming back to you to say, ‘Hey, I need more money to finish this project.’ The project will still finish on budget.”

Dos and Don’ts for Establishing Contingency Time in a Project Schedule

Experts recommend a number of best practices for establishing contingency time in a project schedule. Many of these practices focus on ensuring that contingency time is visible in the project schedule. This helps the team use contingency time appropriately.

Here is the correct way to establish contingency time:

• Conduct Risk Analysis: Your team should establish contingency time based on a detailed and formal analysis of risks and how they might impact the schedule.
• Make Contingency Time Visible in the Project Schedule: Contingency time must be visible in the project schedule. You can add it to specific project phases or to the overall project. Either way, set aside a specific amount of time, usually in days or weeks, and label it as contingency time .

Experts also warn of common pitfalls with contingency time. Here are some practices to avoid when adding contingency time to your project schedule:

• Hiding Contingency Time: Team members should always clearly label contingency time in the project schedule. Never lengthen certain phases of a project — or an entire project schedule — without identifying what parts of that schedule the team considers to be contingency time. In other words, contingency time should not be hidden.
• Confusing Contingency Time with Management Reserve: Contingency time is not the same as management reserve . Some organizations use the term management reserve to define extra time and resources that management might decide that a project or an organization needs in general. Company leaders hold these resources in reserve to account for risks that are difficult to quantify or that relate to other larger organizational issues. This is different from contingency time within a project.

How Much Contingency Should a Project Have?

Experts sometimes recommend adding a rough estimate of contingency to projects. Most often this is contingency time. When estimating the amount in this way, experts most often recommend adding 20 percent of extra time to a project for contingency. 

For example, if a project is expected to take 200 hours, the team would add an additional 40 hours for contingency time. 

Davidson says project leaders must be careful not to add too little contingency time — or contingency costs — to a project.

“I've seen where people have a 12-month project, and they’ll say: ‘We’ll build in an extra week,’” says Davidson. “Well, that’s not even a day per month. Or ‘This is a $6 million project — let's put in another $20,000. That’s two days of work for the number of people.

“Twenty percent [of added contingency] is what I've typically found,” she says.

Precise Ways to Figure Out Appropriate Contingency for a Project

For many projects, experts do not recommend using a broad contingency estimate. Instead, project leaders should estimate contingency with more precise tools. Some options include team estimates, Monte Carlo simulations, and phase contingency estimates.

Here are some more precise ways to estimate contingency time:

• Team Estimates: Project leaders can ask the project team to provide three estimates of the time they think they will need to finish a project or each stage of a project. The three estimates include the time needed if everything goes perfectly, the time needed if there are several problems and issues, and the most likely time. The project leaders can then establish a good estimate of contingency needed based on all of those estimates.
• Monte Carlo Simulations: Monte Carlo simulations are complex models that predict the probability of different outcomes based on a large number of variables. Project managers use these simulations to determine the most likely length and cost of a project. Monte Carlo simulations are highly complex, which is why they are often performed with software. Financial experts also use Monte Carlo simulations to determine the most likely possibility of how an investment might perform over time. 
• Phase Contingency Estimates: Many experts recommend that project teams make detailed estimates of contingency amounts for each major phase of a project. These estimates are based on the risks that could happen during each specific phase. The team might also establish contingency for each subphase of a project. For instance, it might establish a contingency amount for the time it will take to get permits for a construction project. “I think the most important elements of a contingency plan are to determine the project phases and pad the hours during the more complex stages of the program,” Davidson says. For a software development project, she continues, “This is typical during the development and testing phases. The planning and closing phases usually do not involve as much overhead and can be shortened as needed.” Expert Tip: Always remember to label contingency amounts as contingency time within each phase, experts say. The phase shouldn’t just be lengthened from 10 weeks to 12 weeks without indicating where contingency time has been added.

When to Use a Project Management Contingency Plan

Experts recommend creating a contingency plan for any risk that could have a significant impact on a project or organization. After your team identifies project risks and conducts a thorough risk analysis, it should begin creating a contingency plan.

It’s important to understand that contingency plans can be created only for risks that your team identifies. A contingency plan cannot be created for risks that your team has not identified or would have no ability to identify or foresee.

Contingency Plan vs. Risk Management

Project risk management is the practice of identifying, managing, and mitigating risks in projects. A contingency plan is one part of project risk management. Other parts of project risk management include creating a risk log and assigning owners to risks. 

To learn more about project risk management, see this comprehensive guide on risk management planning .

Contingency Plan vs. Mitigation Plan

Mitigation plans and contingency plans are similar but not identical. A mitigation plan helps you reduce the likelihood or impact of a risk, while a contingency plan helps you map the response to a risk once it occurs. 

In general, a contingency plan focuses on quickly and appropriately dealing with a risk after it happens, while a mitigation plan focuses on preventative measures that make a risk less impactful or less likely to occur.

Elements of a Project Management Contingency Plan

A contingency plan should have several basic elements to help your team respond to risks when they happen. Those elements include a risk probability assessment, details on triggers for an event, and an overall response strategy.

Other important elements include a timeline for the contingency plan and a plan for communicating with important organizational leaders and project team members about the specific risk and contingency plan.

Learn more about the important elements of a contingency plan in this helpful guide to contingency planning.

How to Prepare a Project Management Contingency Plan, Step by Step 

Experts recommend that your project team follow a number of basic steps to create a good contingency plan. First, identify and prioritize risks. Next, create and share your contingency plan. Finally, continually monitor and review your plan. 

Here are the main steps of preparing a project management contingency plan:

• Identify the Risks: Your team will need to identify all risks that might impact your project. 
• Prioritize Risks: Your team will assess all the risks that it has identified. Determine which risks are most likely to happen or could have the largest impact on the project, and use these findings to organize risks from highest to lowest priority. .
• Create a Plan: Your team will create a detailed contingency plan to deal with any risks that your team identifies as important. The plan should include how your team will address the risk when it happens. It will also assign responsibilities for tasks as part of the plan. 
• Share the Plan: Once a tentative plan has been created, your team will share it with external stakeholders and team members. Review their input or suggestions as you improve the plan.
• Continually Monitor and Review the Plan: Though your plan might be finalized and approved at the beginning of the project, it could still change. As a project progresses, new risks will arise, and risk priorities will shift. Your team should continually review the contingency plan and make changes where needed.

Project Management Contingency Plan Template Example

Download a Blank Project Management Contingency Plan Template for Excel | Google Sheets

Download a Project Management Contingency Plan Example for Excel | Google Sheets

Download this completed example project management contingency plan to help you understand contingency plans. You can use this example plan template — with sections on contingency assessment, contingency analysis and evaluation, and mitigation measures — to write a contingency plan for risks in your own project.

Why Are Contingency Plans Important in Project Management?

Contingency plans are vital for managing any project that involves risk. When project managers create contingency plans, they prevent negative risks from derailing or significantly hampering the progress of a project. 

Here are a few of the basic reasons contingency plans are an important part of project management:  

• They Show Your Team’s Complete Preparation: Contingency plans show stakeholders and project team members that your team is fully prepared to deal with important risks. “I think there’s no project, no activity, nothing that goes as we plan,” Davidson says. “I think we have to understand that it's very nearsighted to take a project, no matter what the duration is, and say, ‘Oh, everything is going to be a sunny day scenario.’ It’s not showing that I'm a really good project manager. A great project manager knows things are going to go off the rails. With people, maybe there’s a learning curve. Maybe people aren't picking things up as quickly — which is fine — so I build time in to assist with that. That's just showing that I understand how to run a project.”
• They Lower the Risk of a Project Derailing: When risks occur, they can endanger the progress or success of a project. Contingency plans help your team ensure that won’t happen to your project, even when risks occur. “If you have this contingency plan and are able to start to see that things are maybe starting to unravel a bit, the Debbie Downer comes out and you're able to say, ‘We may want to have someone available over the holiday because something may not work,’” says Smith. “You're more forward-thinking. You're saving time, you're saving money, and you're saving resources.”

Challenges of Contingency Planning in Project Management

Although contingency planning has many benefits, some project teams will face challenges when creating and using contingency plans. Challenges include getting buy-in from organizational leaders, being overconfident in an initial plan, and following through on contingency plans.

Here are some common challenges project managers might face during contingency planning:

• Teams View Contingency Planning as Low Priority: Some people in organizations view contingency planning as a low priority in comparison with other project management work. Project leaders often need to convince them of the importance of contingency planning. “The line I like to use — that I took from somebody else — is, ‘Planning is hard. Explaining why you didn’t is even harder,’” says Andresen. “Because, yes, it's a pain in the butt to do the plan.” But worse, she says, is when a risk becomes a real issue and an important stakeholder asks: “You didn’t even think about this? You kind of knew this was going to happen, or that this was even potentially going to happen, and you decided not to do anything about it?”
• Organizational Leaders Don’t Prioritize Contingency Planning: Even organizational leaders sometimes don’t understand the importance of contingency planning. Project leaders must work to get buy-in from company leaders and sometimes convince them of the need for contingency budgets. “That's always been my challenge,” Smith says. “How do you influence somebody — the people who have the money, the CEOs, or even the head of departments — that we need this? All they're telling you is, ‘You have to make it work.’ I think that's the piece that's always driven me crazy.”
• The Team Is Overconfident in Plan A: When your project team is very confident in your overall project plan, they may believe that there’s no need to prepare for certain risks. That can make it difficult for them to work on and support good contingency planning.
• The Team Spends Too Little Time Identifying Important Risks: Contingency planning doesn’t work when your team doesn’t identify real risks to worry about, of course. Your team must fully examine all possible risks, decide which are most important, and make plans to deal with them.
• The Team Is Uncertain About What Resources Are Available: Teams might have challenges in understanding how to plan for potential risks and issues if they don’t understand the resources available to help deal with those issues. In those cases, the team might not “really know what to put into a contingency plan,” says Smith, “because you don't know what will be available, You can think of any piece of a project that can possibly go wrong, but if you don't know what other resources you're going to have available, it's a little difficult to be able to put that together.”
• The Team Has a Plan but Doesn’t Follow It: Some organizations create a contingency plan, and when a risk becomes a reality, they frantically react and ignore the plan. It happens more often than people might think, Andresen says: “If you have a plan, follow it. Don't make the decision not to follow the plan.”

How to Manage a Contingency Budget in Project Management

It’s important to manage a contingency budget well in project management to ensure the project team has all resources it needs to complete a project successfully. Managing a contingency budget means understanding contingency reserves, contingency costs, and contingency funds. 

For more resources and information, see this guide to managing a contingency budget.

Contingency Reserve in Project Management

A contingency reserve is the amount of resources that an organization sets aside to deal with project risks. Most often, project managers allocate funds in a contingency reserve, but some managers may also include staff time.

Organizations will often use estimates and detailed calculations to determine the amount of contingency reserve they need for a project, either in costs, time, or both. 

A common method for determining the amount of contingency reserve is to calculate expected monetary value (EMV) with a quantitative risk matrix . This calculation takes the probability of a risk happening and multiplies that by the estimated financial cost of the risk happening. The calculations for each risk are added together for the total contingency reserve that would be required.

EMV = Probability x Impact 

Tip: Despite the name, expected monetary value can estimate contingency time as well as contingency cost.

The below graphic shows how a team might track its contingency reserve for a project, month by month. It would track the contingency reserve in concert with the project’s total budget and the running costs for the project.

Contingency Cost in Project Management

Contingency cost in project management is a part of the project budget  that is allocated to risk events that are not in the original cost estimate for the project. This money can help reduce the impact of known risks and compensate for unknown risks.

A Contingency Fund in Project Management

In project management, a contingency fund is the amount reserved to cover contingency costs. Also called the contingency reserve , this fund addresses contingency costs, rather than contingency time.

Building Contingency Planning into Project Teams

Project leaders should keep in mind the importance of good contingency planning as they build their project teams. For example, having a team with diverse skill sets and a mix of experience levels will help create a balanced response to risk events.

Here are a few things project managers should keep in mind when building contingency planning into project teams:

• Create a Team with Diverse Skill Sets: Project managers should consider all skills they will need for a project, including special skills that might factor into various contingency plans for the project. They’ll want to make sure they have the range of skills required for their contingency plans.
• Assemble a Team with a Mix of Experience Levels: Project managers should consider gathering both junior and senior team members for their projects. This will give them the breadth they need to deal with various risks and issues.
• Consider Team Skill Sets: Project managers will want to understand and track the exact skills of each of their team members. This will allow them to incorporate those skills into contingency plans. It will also allow them to call on the right person immediately when a risk occurs.

The Importance of Scheduling in Project Contingency Planning

Good contingency planning can happen only when project leaders are transparent and clear about project scheduling. This means clarity on time goals for various phases of the project and what contingency time might be available.

Project managers should also continually monitor the schedule, make changes when necessary, and be transparent with the entire team about those changes.

It’s especially important for project leaders to be transparent about schedule issues and changes with organizational leaders and other important stakeholders.

As a consultant in project management, Davidson says it’s important to have conversations with clients early and often about project scope, budget, and deadlines. “It's better also to prepare because the worst thing you can do is get to the fifth month and say, ‘We're not going to deliver on time,’” she says. “I see more people get in trouble because they don't have the upfront honest conversations in the beginning. They overpromise and underdeliver.”

Effectively Plan for Contingencies with Your Projects with Smartsheet

From simple task management and project planning to complex resource and portfolio management, Smartsheet helps you improve collaboration and increase work velocity -- empowering you to get more done. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.

Discover a better way to streamline workflows and eliminate silos for good.

• Search Search Please fill out this field.

What Is a Contingency?

• How It Works

Types of Contingency Plans

Special considerations, banks and contingencies, the bottom line.

• Corporate Finance

What Are Contingencies and Contingency Plans? Definition and Examples

Charlene Rhinehart is a CPA , CFE, chair of an Illinois CPA Society committee, and has a degree in accounting and finance from DePaul University.

A contingency is a potential occurrence of a negative event in the future, such as an economic recession, natural disaster, fraudulent activity, terrorist attack, or a pandemic.

Although contingencies can be prepared for, the nature and scope of such negative events are typically unknowable in advance. Companies and investors plan for various contingencies through analysis and implementing protective measures.

In finance, managers often attempt to identify and plan using predictive models for possible contingencies that they believe may occur. Financial managers tend to err on the conservative side to mitigate risk, assuming slightly worse-than-expected outcomes.

A contingency plan might include arranging a company's affairs so that it can weather negative outcomes with the least distress possible.

Key Takeaways

• A contingency is a potentially negative event that may occur in the future, such as an economic recession, natural disaster, or fraudulent activity.
• Companies and investors plan for various contingencies through analysis and implementing protective measures.
• A thorough contingency plan minimizes loss and damage caused by an unforeseen negative event.
• Contingency plans can include the purchase of options or insurance for investment portfolios.
• Banks must set aside a percentage of capital for negative contingencies, such as a recession, to protect the bank against losses.

How a Contingency Works

To plan for contingencies, financial managers may often also recommend setting aside significant reserves of cash so that the company has strong liquidity, even if it meets with a period of poor sales or unexpected expenses.

Managers may seek to proactively open credit lines while a company is in a strong financial position to ensure access to borrowing in less favorable times. For example, pending litigation would be considered a contingent liability . Contingency plans typically include insurance policies that cover losses that may arise during and after a negative event.

However, insurance policies may not cover all of the costs or every scenario. For example, business interruption insurance doesn't usually cover pandemics, which many businesses suffered through as a result of the coronavirus pandemic.

The Federal government had to step in and pass the  Coronavirus Aid, Relief, and Economic Security (CARES) Act , which provided financial relief to businesses, families, and local governments to stem the economic hardship caused by the pandemic. In particular, the Paycheck Protection Program (PPP) offered $349 billion in aid to small businesses to help them maintain their payroll and expenses.

Insurance companies might also limit coverage or put exclusions in place for an act of God, which is an exogenous event, meaning outside of human control, such as a flood or an earthquake. Also, insurance can't replace the customers that were lost to competitors due to an event, particularly if it was an internal systems issue such as a data breach.

As a result, businesses need to have contingency plans established to help minimize the lost revenue and increased costs that are involved when business operations have been disrupted. Typically, business consultants are hired to ensure contingency plans consider a large number of possible scenarios and provide advice on how to best execute the plan.

Contingency plans are utilized by corporations, governments, investors, and central banks, such as the Fed. Contingencies can involve real estate transactions, commodities, investments, currency exchange rates, and geopolitical risks.

Protecting Assets

Contingencies might also include contingent assets , which are benefits (rather than losses) that accrue to a company or individual given the resolution of some uncertain event in the future. A favorable ruling in a lawsuit or an inheritance would be an example of contingent assets.

Contingency plans might involve purchasing insurance policies that pay cash or a benefit if a particular contingency occurs. For example, property insurance might be purchased to protect against fire or wind damage.

Investment Positions

Investors protect themselves from contingencies that could lead to financial losses related to investing. Investors might employ various hedging strategies such as stop-loss orders, which exit a position at a specific price level.

Hedging can also involve using options strategies, which is akin to buying insurance whereby the strategies earn money as an investment position loses money from a negative event.

The money earned from the options strategy completely or partially offsets the losses from the investment. However, these strategies come at a cost, usually in the form of a premium, which is an upfront cash payment.

Investors also employ asset diversification , which is the process of investing in various types of investments. Asset diversification helps to minimize risk if one asset class, such as stocks, declines in value.

Contingent Immunization

Contingent immunization is a type of contingency plan used in fixed-income investing. It involves the fund manager switching to a defensive position if the portfolio drops below a predetermined value.

Business Continuity and Recovery

As part of a contingency plan for disasters, such as a pandemic, companies need to plan ahead to ensure that the business can operate during and after an event. This type of contingency plan is often called a business continuity plan (BCP) or a business recovery plan.

Typically, a business continuity team is formed to plan for any possible contingencies and manage the continuity and recovery plan during a disruption . Businesses need to identify their critical business functions and perform an analysis of how an event might impact the company's operations and processes.

The contingency plan would include implementing the recovery of critical business functions such as systems, production, and employee access to technology such as computers.

For example, a contingency plan for a pandemic would include developing a remote work strategy to help prevent the spread of disease and provide employees with secure access to their work.

As a result, companies would need to invest in technology, which could include providing laptops and video-conferencing access to employees, creating cloud-based data storage, and facilitating access to company-wide communications such as email and internal data.

Cybersecurity

With any type of disaster, cybercriminals often try to take advantage of a crisis to hack into a company’s systems and steal data or disrupt business operations. Contingency plans are used to outline the procedures for cybersecurity teams to protect an organization from threats and malicious attacks.

A contingency plan should also prepare for the loss of intellectual property through theft or destruction. As a result, backups of critical files and computer programs, as well as key company patents, should be maintained in a secure off-site location.

Contingency plans need to prepare for the possibility of operational mishaps, theft, and fraud. A company should have an emergency public relations response relating to possible events that have the ability to severely damage the company’s reputation and its ability to conduct business.

How a company is reorganized after a negative event should be included in a contingency plan. It should have procedures outlining what needs to be done to return the company to normal operations and limit any further damage from the event.

For example, financial services firm Cantor Fitzgerald was able to resume operation in just days after being crippled by the 9/11 terrorist attacks due to having a comprehensive contingency plan in place.

Benefits of a Contingency Plan

A thorough contingency plan minimizes loss and damage caused by an unforeseen negative event. For example, a brokerage company may have a backup power generator to ensure that trades can be executed in the event of a power failure, preventing possible financial loss.

A contingency plan can also reduce the risk of a public relations disaster. A company that effectively communicates how negative events are to be navigated and responded to is less likely to suffer reputation damage.

A contingency plan often allows a company affected by a negative event to keep operating. For example, a company may have a provision in place for possible industrial action, such as a strike, so obligations to customers are not compromised.

Companies that have a contingency plan in place may obtain better insurance rates and credit availability because they are seen to have reduced business risks.

As a result of the financial crisis of 2008 and the Great Recession , regulations were implemented requiring bank stress tests to be performed to test how a bank might handle various negative contingencies. The stress tests project how much a bank would lose—if a negative economic event occurred—to determine if the bank has enough capital or funds set aside to survive the event.

Banks are required to have a specific percentage of capital reserves on hand, depending on the total risk-weighted assets  (RWAs). These assets, which are typically loans, have various risk weightings applied to them.

For example, a bank's mortgage portfolio might receive a 50% weighting, meaning the bank—in a negative scenario—should have enough capital that's valued at 50% of the outstanding mortgage loans.

The capital, called Tier-1 capital , can include equity shares or shareholders' equity and retained earnings, which are accumulated savings of prior years' profits. Although there are various components that go into the tier-capital ratio requirement, the ratio has to be at least 6% of the total risk-weighted assets.

Let's say as an example, Bank XYZ has $3 million in retained earnings and $4 million in shareholders' equity, meaning the total tier-1 capital is $7 million. Bank XYZ has risk-weighted assets of $70 million. As a result, the bank's tier-1 capital ratio is 10% ($7 million/$70 million). Since the capital requirement is 6%, the bank is considered well-capitalized when compared to the minimum requirement.

Of course, we won't know if the banking sector's contingency plan will be adequate until another recession occurs, which is a limitation of these plans since it's difficult to plan for every contingency.

Why Is an Environmental Contingency Plan Important?

Businesses that are at risk for environmental accidents–particularly spills of hazardous materials–should always have a plan in place detailing their response actions. Being prepared can help minimize the total damage done to the environment, minimize accident-related costs, and limit liability.

What Is Contingency Theory?

Contingency theory is an approach to management that suggests the best way to run an organization is dependent, or contingent, on that particular situation. In other words, a specific management style can work well in one company and fail completely in another one.

What Are the Steps in Creating a Contingency Plan?

To create a contingency plan, first, identify the key risks to your business and order them in regard to the likelihood of occurring and severity. Next, conduct a business impact analysis (BIA). From there, start shaping your plan, which should include preventive controls, an incidence response plan, a disaster recovery plan, and a business continuity plan. Make sure to provide training to employees, frequent testing, and updating of your plan.

A contingency is a potentially negative future event or circumstance, such as a global pandemic, natural disaster, or terrorist attack. By designing plans that take contingencies into account, companies, governments, and individuals are able to limit the damage done by such events.

U.S. Congress. " H.R.748 - CARES Act ."

Cornell Law School. " Minimum Capital Requirements ."

• Terms of Service
• Editorial Policy
• Privacy Policy

• (888) 244-1912
• [email protected]

• Understanding Business Continuity vs BDR: A Guide
• About Invenio IT
• Business Continuity

7 Real-Life Business Continuity Plan Examples You’ll Want to Read

• May 13, 2024
• 11 min read

It’s no secret that we believe in the importance of disaster preparedness and  business continuity  at every organization. But what does that planning actually look like when it’s put to the test in a real-world scenario?

Today, we look at 7 business continuity examples to show how organizations have worked to minimize downtime (or not) after critical events.

Business Continuity Examples & Failures

1) ransomware disrupts ireland’s healthcare system.

For years, healthcare organizations have been a top target for ransomware attacks. The critical nature of their operations, combined with notoriously lax IT security throughout the industry, are a magnet for ransomware groups looking for big payouts.

But despite the warnings, healthcare orgs still remain vulnerable. A prime example was the 2021 ransomware attack on Ireland’s healthcare system (HSE) – the fallout from which was still being felt nearly a year later.

According to reports, the attack had a widespread impact on operations:

• Dozens of outpatient services were shut down
• IT outages affected at least 5 hospitals, including Children’s Health Ireland (CHI) at Crumlin Hospital
• Employee payment systems were knocked offline, delaying pay for 146,000 staff
• Covid-19 test results were delayed and a Covid-19 vaccine portal went offline
• Appointments were canceled across numerous facilities and medical departments
• Near-full recovery and restoration of all servers and applications took more than 3 months

All told, the attack was projected to cost more than $100 million in recovery efforts alone. That figure does not include the projected costs to implement a wide range of new security protocols that were recommended in the wake of the attack.

Like several of the business continuity examples highlighted below, the Ireland attack did have some good disaster recovery methods in place. Despite the impact of the event, there were several mitigating factors that prevented the attack from being even worse, such as:

• Once the attack was known, cybersecurity teams shut down more than 85,000 computers to stop the spread.
• Disaster recovery teams inspected more than 2,000 IT systems, one by one, to contain the damage and ensure they were clean.
• Cloud-based systems were not exposed to the ransomware.

However, there was some luck involved.

As HSE raced to contain the damage from the attack and secured a High Court Injunction to restrain the sharing of its hacked data, the attackers suddenly released the decryption key online. Without that decryption, HSE would  not  have had adequate data backup systems to recover from the attack. As the group concluded in its  post-incident review :

“It is unclear how much data would have been unrecoverable if a decryption key had not become available as the HSE’s backup infrastructure was only periodically backed up to offline tape. Therefore it is highly likely that segments of data for backup would have remained encrypted, resulting in significant data loss. It is also likely to have taken considerably longer to recover systems without the decryption key.”

2) The city of Atlanta is hobbled by ransomware

There has been no shortage of other headline-making ransomware attacks over the last few years. But one that stands out (and whose impact reverberated for at least a year after the incident) was the March 2018 SamSam  ransomware attack on the City of Atlanta .

The attack devastated the city government’s computer systems:

• Numerous city services were disrupted, including police records, courts, utilities, parking services and other programs.
• Computer systems were shut down for 5 days, forcing many departments to complete essential paperwork by hand.
• Even as services were slowly brought back online over the following weeks, the full recovery took months.

Attackers demanded a $52,000 ransom payment. But when all was said and done, the full impact of the attack was projected to cost more than $17 million. Nearly $3 million alone was spent on contracts for emergency IT consultants and crisis management firms.

In many ways, the Atlanta ransomware attack is a lesson in inadequate business continuity planning. The event revealed that the city’s IT was woefully unprepared for the attack. Just two months prior, an audit found 1,500 to 2,000 vulnerabilities in the city’s IT systems, which were compounded by “obsolete software and an IT culture driven by ‘ad hoc or undocumented’ processes,” according to  StateScoop .

Which vulnerabilities allowed the attack to happen? Weak passwords, most likely. That is a common entry point for SamSam attackers, who use brute-force software to guess thousands of password combinations in a matter of seconds. Frankly, it’s an unsophisticated method that could have been prevented with stronger password management protocols.

Despite the business continuity missteps, credit should still be given to the many IT professionals (internal and external) who worked to restore critical city services as quickly as possible. What’s clear is that the city did have  some  disaster recovery procedures in place that allowed it to restore critical services. If it hadn’t, the event likely would have been much worse.

3) Fire torches office of managed services provider (MSP)

Here’s an example of business continuity planning done right:

In 2013, lightning struck an office building in Mount Pleasant, South Carolina, causing a fire to break out. The offices were home to Cantey Technology, an IT company that hosts servers for more than 200 clients.

The fire torched Cantey’s network infrastructure, melting cables and burning its computer hardware. The equipment was destroyed beyond repair and the office was unusable. For a company whose core service is hosting servers for other companies, the situation looked bleak. Cantey’s entire infrastructure was destroyed.

But ultimately, Cantey’s clients never knew the difference:

• As part of its business continuity plan, Cantey had already moved its client servers to a remote data center, where continual backups were stored.
• Even though Cantey’s staff were forced to move to a temporary office, its clients never experienced any interruption in service.

It was an outcome that could have turned out very differently. Only five years prior, the company had kept all of its client servers on site. But founder Willis Cantey made the right determination that this setup created too many risks. All it would take is one major on-site disruption to wipe out his entire business, as well as his clients’ businesses, potentially leaving him exposed to legal liabilities as well.

Cantey thus implemented a more comprehensive business continuity plan and moved his clients’ servers off-site. And in doing so, he averted disaster. This makes for an excellent business continuity plan case study that demonstrates how proper planning can significantly reduce the risk of a major operational disruption.

4) Computer virus infects UK hospital network

In another  post , we highlighted one of the worst business continuity examples we saw in 2016 – before ransomware had become a well-known threat in the business community.

On October 30, 2016, a nasty “computer virus” infected a network of hospitals in the UK, known as the Northern Lincolnshire and Goole NHS Foundation Trust. At the time, little was known about the virus, but its impact on operations was devastating:

• The virus crippled its systems and halted operations at three separate hospitals for five days.
• Patients were literally turned away at the door and sent to other hospitals, even in cases of “major trauma” or childbirth.
• In total, more than 2,800 patient procedures and appointments were canceled because of the attack. Only critical emergency patients, such as those suffering from severe accidents, were admitted.

Remarkably, a report in Computing.co.uk speculated that there had been  no  business continuity plan in place. Even if there had been, clearly there were failings. Disaster scenarios can be truly life-or-death at healthcare facilities. Every healthcare organization must have a clear business continuity plan outlined with comprehensive measures for responding to a critical IT systems failure. If there had been in this case, the hospitals likely could have remained open with little to no disruption.

The hospital system was initially tight-lipped about the attack. But in the year following the incident, it became clear that ransomware was to blame – specifically, the Globe2 variant.

Interestingly, however, hospital officials did not say the ransomware infection was due to an infected email being opened (which is what allows most infections to occur). Instead, they said a misconfigured firewall was to blame. (It’s unclear then exactly how the ransomware passed through the firewall—it may have come through inboxes after all.) Unfortunately, officials knew about the firewall misconfiguration before the attack occurred, which is what makes this incident a prime example of a business continuity failure. The organization had plans to fix the problem, but they were too late. The attack occurred “before the necessary work on weakest parts of the system had been completed.”

5) Electric company responds to unstable WAN connection

Here is another example of well-executed business continuity.

After a major electric company in Georgia  experienced failure  with one of its data lines, it took several proactive steps to ensure its critical systems would not experience interruption in the future. The company implemented a FatPipe WARP at its main site, bonding two connections to achieve redundancy, and it also readied plans for a third data line. Additionally, the company replicated its mission-critical servers off-site, incorporating its own site-failover WARP.

According to Disasterrecovery.org:

“Each office has a WARP, which bonds lines from separate ISPs connected by a fiber loop. They effectively established data-line failover at both offices by setting up a single WARP at each location. They also accomplished a total site failover solution by implementing the site failover between the disaster recovery and main office locations.”

While the initial WAN problem was minimal, this is a good example of a company that is planning ahead to prevent a worst-case scenario. Given the critical nature of the utility company’s services (which deliver energy to 170,000 homes across five counties surrounding Atlanta), it’s imperative that there are numerous failsafes in place.

6) German telecom giant rapidly restores service after fire

Among the better business continuity examples we’ve seen, incident management solutions are increasingly playing an important role.

Take the case of a German telecom company that discovered a dangerous fire was encroaching on one of its crucial facilities. The building was a central switching center, which housed important telecom wiring and equipment that were vital to providing service to millions of customers.

The company uses an incident management system from Simba, which alerted staff to the fire, evaluated the impact of the incident, automatically activated incident management response teams and sent emergency alerts to Simba’s 1,600 Germany-based employees. The fire did indeed reach the building, ultimately knocking out the entire switching center. But with an effective incident management system in place, combined with a redundant network design, the company was able to fully restore service within six hours.

7) Internet marketing firm goes mobile in the face of Hurricane Harvey

Research shows that 40-60% of small businesses never reopen their doors after a major disaster. Here’s an example of one small firm that didn’t want to become another statistic.

In August 2017, Hurricane Harvey slammed into Southeast Texas, ravaging homes and businesses across the region. Over 4 days, some areas received more than 40 inches of rain. And by the time the storm cleared, it had caused more than $125 billion in damage.

Countless small businesses were devastated by the hurricane. Gaille Media, a small Internet marketing agency, was  almost one of them. Despite being located on the second floor of an office building, Gaille’s offices were flooded when Lake Houston overflowed. The flooding was so severe, nobody could enter the building for three months. And when Gaille’s staff were finally able to enter the space after water levels receded, any hopes for recovering the space were quickly crushed. The office was destroyed, and mold was rampant.

The company never returned to the building. However, its operations were hardly affected.

That’s because Gaille kept most of its data stored in the cloud, allowing staff to work remotely through the storm and after. Even with the office shuttered, they never lost access to their critical documents and records. In fact, when it came time to decide where to relocate, the owner ultimately decided to keep the company decentralized, allowing workers to continue working remotely (and providing a glimpse of how other businesses around the world would similarly adapt to disaster during the Covid-19 pandemic three years later).

Had the company kept all its data stored at the office, the business may never have recovered.

Examples of business continuity failures

Some of the real-life business continuity examples above paint a picture of what can go wrong when there are lapses in continuity planning. But what exactly do those lapses look like? What are the specific mistakes that can increase a company’s risk of disaster?

Here are some examples of business continuity failures due to poor planning:

• No business continuity plan: Every business needs a BCP that outlines its unique threats, along with protocols for prevention and recovery.
• No risk assessment: A major component of your BCP is a risk assessment that should define how your business is at risk of various disaster scenarios. We list several examples of these risks below.
• No business impact analysis: The risk assessment is useless without an analysis of how those threats actually affect the business. Organizations must conduct an impact analysis to understand how various events will disrupt operations and at what cost.
• No prevention: Business continuity isn’t just about keeping the business running in a disaster. It’s about risk mitigation as well. Companies must be proactive about implementing technologies and protocols that will  prevent  disruptive events from occurring in the first place.
• No recovery plan:  Every disaster scenario needs a clear path to recovery. Without such protocols and systems, recovery will take far longer, if it happens at all.

Examples of threats to your business continuity

It’s important to remember that business-threatening disasters can take many forms. It’s not always a destructive natural disaster. In fact, it’s far more common to experience disaster from “the inside” – events that hurt your productivity or affect your IT infrastructure and are just as disruptive to your operations.

Example threats include:

• Cyberattacks
• Malware and viruses
• Network & internet disruptions
• Hardware/software failure
• Natural disasters
• Severe weather
• Flooding (including pipe bursts)
• Terrorist attacks
• Office vandalism/destruction
• Workforce stoppages (transportation blockages, strikes, etc.)

The list goes on and on. Any single one of these threats can disrupt your business, which is why it’s so important to take continuity planning seriously.

Business continuity technology

Within IT, data loss is often the primary focus of business continuity and disaster recovery (BC/DR). And for good reason …

Data is the lifeblood of most business operations today, encompassing all the emails, files, software and operating systems that companies depend on every day. A major loss of data, whether caused by ransomware, human error or some other event, can be disastrous for businesses of any size.

Backing up that data is thus a vital component of business continuity planning.

Today’s  best data backup systems  are smarter and more resilient than they were even just a decade ago. Solutions from Datto, for example, are built with numerous features to ensure continuity, including hybrid cloud technology (backups stored both on-site and in the cloud), instant virtualization, ransomware detection and automatic backup verification, just to name a few.

Like other BC initiatives, a data backup solution itself won’t prevent data-loss events from occurring. But it does ensure that businesses can rapidly recover data if/when disaster strikes, so that operations are minimally impacted – and that’s the whole point of business continuity.

Examples of business continuity plan

By now, you’re starting to get the picture: business continuity planning is crucial. But how do you actually create the plan? What does the document look like?

While each business’s BCP is unique to its needs, the foundation of the plan is generally the same for most organizations. The core goal is to document a company’s risks and outline what is needed to avoid an operational disruption.

Here are some examples of business continuity plan components to include in your documentation:

• Objective: Outline the key goals of the plan, especially as they relate to specific business units or systems.
• Contact Information: Include communication information for the people responsible for overseeing continuity planning or for those who will manage disaster recovery efforts.
• Risk Assessment: Outline the specific disaster scenarios that put the business at risk of an operational disruption and their likelihood of occurring.
• Business Impact Analysis: Document in clear terms how each type of disaster will affect the business, including impact on various operations, estimated recovery time and associated financial losses.
• Preventative Measures: Outline the procedures, plans and systems that will help the company minimize the risk of various disasters from occurring.
• Disaster Response Plan: Document the specific protocols that should be followed immediately following a disruption to minimize the impact.
• Business Continuity & Disaster Recovery Systems: Outline the systems and procedures that should be used to maintain continuity or recover from an outage.
• Backup Locations & Contingency Assets: Identify any secondary resources that should be leveraged if primary resources are unavailable, such as backup office spaces, servers, devices, office furniture and so on.
• Communication Plan: Outline how the organization will distribute information to employees or between recovery teams if primary communication lines are unavailable.
• Continuity Testing: Document how recovery procedures and systems in the plan should be tested to confirm they are effective, and the frequency for conducting those tests.
• Continuity Gaps & Recommendations: Be clear about any limitations in the current planning and what steps are recommended to fill those gaps.
• Plan Review & Update Schedule: Create a schedule for reviewing and updating the business continuity plan to ensure the documentation remains accurate and relevant.

Examples of business continuity plans can differ by industry, but most companies will want to incorporate all of the components above, regardless of business size or sector.

Business continuity plan case study

In February 2023, a ransomware attack struck Karmak – a prominent technology solutions provider for the trucking industry. However, the company acted quickly to contain the attack before it disrupted its operations or customers, providing a solid case study for how to maintain continuity during a cyberattack.

Karmak’s business continuity planning played a key role in averting disaster. According to an industry trade publication, Karmak had a “detailed cyberattack response plan, which went into effect immediately after the attack.” The company used security monitoring solutions to detect and thwart the attack. Plus, employees had been rigorously trained on cybersecurity and knew how to respond.

End result: Karmak contained the attack within hours, preventing customer data from breached and minimizing the impact on internal systems.

Frequently Asked Questions

1. what is an example of business continuity.

Any scenario in which a business can continue to operate through a disruptive event is an example of business continuity. For example, a company facing a ransomware attack might maintain business continuity by restoring infected files from a data backup.

2. What are examples of business continuity plans?

An example of a business continuity plan is a comprehensive document that assesses a business’s risk for operational disruptions and outlines the steps for avoiding such disruptions. Example components of the plan include a risk assessment, business impact analysis, communications plan and disaster recovery plan.

3. What is a real-life example of business continuity?

The Covid-19 pandemic illustrated many real-life examples of business continuity. Companies took several measures to continue operating during the health crisis, such as allowing employees to work from home, instituting physical distancing and providing protective equipment to critical workers.

Avert disaster with the technology your business needs

Avoid a major operational disruption with today’s best technology for business continuity, disaster recovery and cybersecurity. Schedule a meeting with one of our data-protection specialists at Invenio IT or contact us by calling (646) 395-1170 or by emailing  [email protected] .

Join 23,000+ readers in the Data Protection Forum

Related articles.

Do you know what makes Datto Encryption So Secure?

The Truth about All Datto SIRIS Models for BCDR

Where’s My Data? 411 on Datto Locations around the Globe

2023 Guide to Datto SaaS Protection for M365 and Google Workspace

5 Datto Competitors to Compare (Plus Some Free Alternatives)

Cybersecurity.

© 2023 InvenioIT. All rights reserved.

In order to continue enjoying our site, we ask that you confirm your identity as a human. Thank you very much for your cooperation.

Business contingency plan example

This business contingency plan example template can help you:

• Understand your organization's contingency plan more clearly.
• Communicate the plan to everyone who could potentially be affected.
• Prepare your organization to handle anything unexpected.

Open this template to view a detailed example of a business contingency plan that you can customize to your use case.

Related templates

API flowchart example

SDLC functional process flow example

Service industry value stream map

Personal finance flowchart example

• Currency Exchange
• Overdraft Services
• Personal Loans and Lines
• Home Equity Lines
• Credit Cards
• Online Banking
• Mobile Banking
• Security Center
• Investment Services
• International Banking
• Merchant Services
• Treasury Services
• Business Loans & Lines
• Equipment Finance
• PPP Loan Forgiveness
• Business Online Banking
• Business Mobile Banking
• Commercial Checking
• Business Savings
• Access Critical Information
• Payment Card Solutions
• Cybersecurity Awareness
• Commercial Loan Programs
• Asset Based Lending
• Derivatives
• Litigation Finance
• Government Finance
• Healthcare Banking
• Retirement Plan Services
• Institutional Services
• Corporate Trust Services
• Corporate Underwriting Services
• Goals-Based Financial Planning
• Private Banking Services
• Trust, Estates & Specialty Asset Management
• Insights Articles
• Financial Education
• Diversity, Equity & Inclusion
• Our Community Commitment
• Helping Communities Grow
• Reinvesting in Our Communities
• Environmental, Social, and Governance
• Sponsorships
• Supporting Women in Business
• Locate ATM/Branch

• Login to Account

Click "Go to Account Login" to Proceed

Forgot Password Enroll Now or Can't Log in

Enroll Now Can't Log in

Forgot Password Need to enroll?

Ensuring Resilience: Business Continuity Planning for Treasury Clients

It's that time, revisit your essential business continuity steps for this hurricane season.

The experts at the National Oceanic and Atmospheric Administration (NOAA), predict "above-normal" hurricane activity in 2024. The NOAA is forecasting four to seven major hurricanes.

So how do you protect your organization against the disruption of a hurricane this year? Central to your plan is knowing how you will regain power and internet access - critical for both obtaining account information and initiating transactions - if power is lost. That can mean designating a recovery site equipped with internet access, as well as ensuring key treasury employees can re-establish internet access, wherever they are, using a "hot spot" device.

Plan ahead and document procedures

A well-documented business continuity plan can help your organization anticipate evacuation procedures, response team, and react timely so you can resume normal business operations.  One of the first steps in developing such a plan is to conduct a detailed review of operations and document all cash flow-related processes and how a disaster would impact them.

Treasury Manager can help your business run smoothly in a disaster environment because you will have electronic access to your accounts, payables and receivables. You have complete access to all your accounts and services from either your laptop or mobile device.

Partner with your bank

Your bank can help bolster your continuity capabilities through various treasury management solutions. 

• Download the convenient Treasury Manager app which gives you the ability to utilize all the system features from anywhere— whether you’re using a mobile phone or tablet.
• Plan for remote office necessities. Make sure to bring all hardware (laptop and tokens) and software you will need to continue to do business remotely in case of evacuation.
• Make timely payments . With Treasury Manager, you can use your smartphone or other mobile device to review information, initiate and approve transactions, make payments and manage accounts anywhere you have internet access. In a disaster, you also will benefit from electronic payment origination capabilities, which aren’t subject to Postal Service delays as checks are. For example, ACH lets you directly deposit pay into employee accounts and avoid the delays that can come with distributing payroll checks.
• Collect payments . Remote and mobile deposit can enable staff to deposit checks into a bank account online, when physically transporting them to a bank branch would be challenging.
• Meet temporary financing needs . Talk to your banker about establishing a line of credit sufficient to keep your business afloat if cash flow from customer payments were to dwindle temporarily.
• Keep cash on hand . If you are a retail business with a lot of cash receipts, and you must be able to make change, plan to order extra coin and currency from your bank in advance of forecasted bad-weather events.
• Make emergency purchases . Commercial cards can enable essential personnel to cover emergency business expenses.

Test to evaluate preparedness

It’s not enough to draw up a good plan and adopt banking products that are useful in disaster situations. You also need to train appropriate staff members on every facet of your plan, so they know what to do and how to use the tools at their disposal.

Don’t wait until a disaster strikes to learn if your business continuity plan works. Test your plan regularly using a combination of informal, discussion-based meetings — sometimes called “table-top” sessions — and actual hands-on, full-scale recovery exercises.

As part of your business continuity planning, talk to a Hancock Whitney banker or Treasury Services Specialist at 1-866-594-2304 to learn more about how Treasury Manager can help.

Related Topics:

Post comments on this article

Enter your first name, email and comments below, related posts, treasury services ease transition for emerging middle-market firms.

Transitioning from a small-market to a middle-market business brings many challenges, as owners and their typically lean staffs find themselves pulled in various directions and seeking ways to operate more efficiently.

Another Fraud Threat to Protect Against: Fake Online Banking Login Pages

Sophisticated and often global criminal organizations are out to defraud your business, and their strategies are constantly evolving. One of the latest types of cyberattacks you need to be familiar with — and educate your employees about — is called “website/URL spoofing.” Cyber criminals are using this form of fraud to attack users of commercial online banking platforms.

• Company Information
• Investor Relations
• Security Tips
• ADA Compliance
• Our Associates

Hancock Whitney and the Hancock Whitney logo are federally-registered trademarks of Hancock Whitney Corporation. Copyright © 2024 Hancock Whitney Bank.

How to Build Resilient Businesses for Passive Retirement Income

Deanna Ritchie

• Managing Editor
• Posted on June 28th, 2024

These days, it’s relatively easy to start and manage an online business. That’s why so many retirees are using side businesses that generate passive income as part of their retirement plans.

However, if you want that passive income stream to continue, you’ll need to make sure your businesses are resilient.

How do you do it?

Table of Contents

The Power of Businesses for Passive Income

It’s hard to overstate just how powerful a passive income business can be for generating retirement income and generally stabilizing your financial life in retirement. The idea is to create a business entity that’s externally and independently capable of producing income indefinitely into the future – without requiring much of your time on an ongoing basis.

Depending on how strict you want to be with definitions, you may reasonably assert that there’s no such thing as a truly passive income business, as all businesses require periodic maintenance and upkeep. Still, even a “sort of” passive income business can be useful.

These are just some of the reasons why.

Broad Portfolio Diversification

A passive income business is a nice addition to your portfolio and can help you diversify your assets and income sources. You may already own dividend stocks, bonds, real estate, precious metals, and other assets, but adding a passive income generating business to the mix can function as an extra layer of security and a measure that can make your income generation even more consistent. This is especially true if you have multiple types of passive income businesses as part of your overall portfolio.

Functional Versatility

Businesses can do almost anything. You can sell products and services in almost any conceivable industry. Or, you can develop new technologies and sell them. You can buy and manage real estate as part of your business operations. And, you can even use institutional crypto trading to get exposure to the crypto market. In fact, in many cases, it’s beneficial to build a business that can do many different things, as this will allow it to generate more total income and – appealing to the main point of this article – become more resilient.

Running a business is generally stressful and time-consuming. But when you have a business capable of generating passive income, you’ll have a path to total autonomy. This makes passive income businesses especially useful for prospective retirees who plan on retiring in the near future. You can spend some of your older working years working hard to get your business up and running. When it’s time to retire, you can gradually pull out and allow the business to run on its own.

Legacy Impact

Some retirees appreciate passive income businesses because of their longevity. If you can build a business capable of lasting decades, you can include it as part of your estate and leave it to your beneficiaries. You may also enjoy the idea of leaving behind a legacy – and continuing to serve your most loyal customers.

Personal Interest

Of course, some retirees choose to establish passive income businesses out of personal interest. If you’re genuinely interested in or excited about the business itself, it will function as a kind of stimulating hobby well into your retirement. It’s a great way to stay connected, stay intellectually active, and have something interesting to do once you’re done with your primary career.

Choosing the Right Type of Business

Much of your success in this area will depend on your ability to choose the right type of business. There are many different avenues for developing businesses capable of generating passive income, but not all of them are equally resilient.

These are some of your best options, though if you exercise some creativity, you can probably generate many more ideas.

Real Estate Management

Real estate has historically been a safe, lucrative investment asset. Accordingly, you could consider creating an entire business around the acquisition or management of real estate assets.

Premium Content

Premium content is another relatively easy way to make passive income . You can create pieces of content with timeless value, and then sell them across many different outlets indefinitely. Books, lectures, and even films are just a few examples here.

Affiliate Linking

If you can build a website or platform that gets a significant amount of traffic, you can generate passive income with affiliate linking. Essentially, this means offering links to external products and services and earning a small commission for each sale you help to establish.

If you have particularly advanced knowledge or expertise in a given area, you can also build a passive income business that sells a useful course. Once the course curriculum is finalized, it can essentially run on autopilot.

If you have software development and technical expertise, you can create a business around a mobile app. Depending on the type of app you create, you can charge money for it outright or charge people for a recurring subscription or access to premium features. There’s no limit to the types of apps you can create.

The Resilience Factor

It’s not enough for a business to consistently generate passive income, though that is a great start. You also need to consider the resilience level of that business if you’re going to use it for retirement income – and especially if you’re planning on leaving the business to beneficiaries as part of your estate.

Resilience is a measure of how easily and how well a business can survive in the face of threats and risks. Every business, no matter the niche, industry, or competence of its creator, is going to face external challenges. The real question is whether your business is capable of standing up to those challenges.

Decently resilient businesses should be able to tackle small risks and periodic threats with minimal effort and a high rate of survival. But if you’re planning on living another 10, 20, 30 years or more, or if you want your business to significantly persist after you’re gone, you’ll need to spend more time and effort focusing on developing resilience.

Identify Risks and Threats

The first and arguably most important phase of this process is identifying the risks and threats that could jeopardize your business. The nature of your business will dictate what types of risks and threats are most important to consider, but these are some of the most common to identify:

Management/Leadership Issues

For many businesses that fail, the root cause can be traced back to poor management or leadership . Even if it’s functioning mostly passively, you’ll likely be the owner and primary leader of this business for the duration of your lifetime. That said, it’s still important to have good team members and consultants who can handle things in your absence and a reliable candidate to fill your shoes when you’re no longer able to conduct operations on your own.

Economic Downturns

A big economic downturn would hypothetically harm most types of businesses, but small and fragile businesses have the potential to shatter during even a moderate recession. It’s important to bolster your business’s finances so that it can continue running, even during a temporary dry spell.

New Competition

If you have the only course on the market for a given subject, you should have no trouble attracting a steady stream of customers. But what happens when someone offers a course that is better or cheaper than yours? If you want your business to be resilient, you need to have a plan for how to tackle new competition.

Evolving Technologies or Needs

Some businesses become obsolete due to evolving technologies or needs. Kodak, while not a passive income business, was an industry leader until it rigidly adhered to a technology that was quickly becoming obsolete. How can you make sure your business continues even as consumer needs and available technologies progress?

Cyberthreats

Resilience also demands your attention to possible cyberthreats. If a hacker or social engineer compromises your website, will your entire business collapse? What are the potential damages of a data breach, and how can you prevent one?

There are specific strategies that can help you guard against these risks, but also general strategies that can help you protect against all of them simultaneously. We’ll be exploring some of the most important resilience building strategies in both categories.

Diversify Your Business’s “Portfolio”

First, work on diversifying the portfolio of your business. Just as you need to diversify your investment portfolio to minimize risk, you should diversify your business operations.

Products and Services

For starters, you could offer a broader range of products and services. If changing technologies render one of your products obsolete, or if a new competitor offers a better version of your core product, having a robust selection of other products and services can help you retain most of your income.

Streams of Income

You can also diversify the streams of income that your business is capable of generating. This is very similar to offering different types of products and services, but sometimes, you can generate new streams of income without having to innovate. As a simple example, if you own a real estate management operation that keeps an apartment building running, you could install vending machines and coin-operated laundry machines to generate income on the side.

Target Markets/Customers

You may also be interested in diversifying the target markets and customers that you serve. This way, if one of your audience segments chooses an alternative competitor, or if one of those segments no longer has the financial means to pay for your products and services, your business can continue operating relatively seamlessly.

Keep in mind that most of these strategies can simultaneously improve the resilience of your business and increase the total amount of income you generate . This makes them ideal for a wide range of business-building retirees.

Additionally, if you can’t find a way to diversify these items within your main business, you may find it beneficial to diversify your business portfolio by creating multiple smaller businesses. Having three small, passive income businesses that sell different things is similar in risk to having a single passive income business that sells three different things.

Improve Visibility and Tracking

It’s a good idea to improve visibility and tracking within your organization. This is going to make it much easier to identify changing trends or worrying patterns, long before they become significant problems. Of course, the big downside here is that increased visibility and tracking is going to demand more of your time and energy, assuming you don’t already have personnel in place to handle this. Still, it’s worthwhile to put on your data analyst cap and measure everything you can to gauge the health of your business periodically.

Create Backups and Cybersecurity Strategies

Cyberthreats are rare, but they can be devastating, so it’s important to create backups and invest in cybersecurity. You should be aware of the biggest cyberthreats your business could face, and you should have strategies implemented to guard against them. Even simple upgrades, like using better passwords and installing a VPN, can benefit you. Also, you should make sure there are multiple backups of all your most important information, so if your primary sources are ever compromised, you can continue operations anyway.

Instate Good Leaders (and Plan Ahead)

Good leaders can foresee, prepare for, and overcome almost any conceivable risk or threat. That’s why it’s so important to have a good leader, as well as backup leaders, in place. Who do you trust to run things while you enjoy your retirement? Who is going to take over this business when you’re gone?

Create Contingency Plans

Finally, consider creating specific contingency plans for disaster scenarios and probable threats. For example, how would your business adapt if there was a sudden, unexpected 50 percent drop in the number of visitors to your website? In what ways can you get the edge over a new rival or competitor? If your cash flow begins to dry up, what strategies can you employ?

You don’t need to be able to predict the future. You just need to be able to speculate about the best ways to handle various threats. The more specific you are in your conceptual planning, the better.

With these strategies, you should be able to build more passive income businesses to fund your retirement – and you can make those businesses resilient. Establishing true resilience demands research, energy, and even a bit of creativity, but these upfront efforts will pay off if it means withstanding even a major single threat in your lifetime. And if you plan on leaving these business interests to your beneficiaries, they’ll thank you for creating something truly reliable and sustainable.

About Due’s Editorial Process

We uphold a strict editorial policy that focuses on factual accuracy, relevance, and impartiality. Our content, created by leading finance and industry experts, is reviewed by a team of seasoned editors to ensure compliance with the highest standards in reporting and publishing.

• business growth passive income retirement

Due makes it easier to retire on your terms. We give you a realistic view on exactly where you’re at financially so when you retire you know how much money you’ll get each month. Get started today.

Top Trending Posts

How to Save Money From Your Salary

Department of Labor announces $12.7M in training grants

Drug Enforcement Administration cracks down on improper opioid prescription company

Exploring infrastructure bonds as investments

Nebraska’s Meta Materials charged for breach of federal antifraud and securities laws

The Department of the Treasury targets shadow banking group’s billions

Related Posts

How ai is revolutionizing the physical security industry.

Due Fact-Checking Standards and Processes

To ensure we’re putting out the highest content standards, we sought out the help of certified financial experts and accredited individuals to verify our advice. We also rely on them for the most up to date information and data to make sure our in-depth research has the facts right, for today… Not yesterday. Our financial expert review board allows our readers to not only trust the information they are reading but to act on it as well. Most of our authors are CFP (Certified Financial Planners) or CRPC (Chartered Retirement Planning Counselor) certified and all have college degrees. Learn more about annuities, retirement advice and take the correct steps towards financial freedom and knowing exactly where you stand today. Learn everything about our top-notch financial expert reviews below…  Learn More

Ottawa considers contingency plans to evacuate Canadians from Lebanon, advises them to leave

Smoke rises from an Israeli strike against a Hezbollah target on June 25, in Khiam, Lebanon. Hezbollah and the Israeli Defense Forces have been trading cross-border fire since the Oct. 7 attacks, with the conflict escalating in May when the group launched a missile-carrying drone against Israel for the first time. Chris McGrath/Getty Images

Ottawa is preparing contingency plans to evacuate citizens from Lebanon if a full-scale war breaks out between Israel and Hezbollah, and has advised Canadians to leave the country because of its increasing volatility.

Foreign Affairs Minister Mélanie Joly on Tuesday warned that the situation could worsen if the armed conflict intensifies.

“The security situation in Lebanon is becoming increasingly volatile and unpredictable due to sustained and escalating violence between Hezbollah and Israel and could deteriorate further without warning,” Ms. Joly said in a statement.

She said Canadians should not travel to Lebanon and “for Canadians currently in Lebanon , it’s time to leave, while commercial flights remain available.”

A war between Israel and Lebanon’s Hezbollah militant group could be “a catastrophe that goes far beyond the border, and frankly, beyond imagination,” United Nations Secretary-General António Guterres warned last week, amid rising rhetoric and fears of further conflict.

Hezbollah began firing rockets into Israel shortly after its regional ally Hamas attacked Israel last October. Since then, Hezbollah and Israel have exchanged near-daily cross-border strikes, escalating gradually. Last week, the Israeli army said it has “approved and validated” plans for an offensive in Lebanon, although the decision to launch such an operation would have to come from the country’s political leadership.

The Department of National Defence said Tuesday that the Canadian Armed Forces are working with the Canadian embassy in Lebanon on preparations for eventualities.

“In support of Global Affairs Canada, CAF personnel are currently assisting the Canadian embassy in Lebanon with contingency planning,” said Cheryl Forrest, a defence department spokeswoman, in a statement.

“The situation in Lebanon is volatile and unpredictable due to ongoing events in Israel, the West Bank, and the Gaza Strip and sustained and escalating violence between Hezbollah and Israel. There are violent clashes along the border with Israel, including daily rocket and missile fire as well as air strikes.”

The statement added the CAF is in continual contact with Canadian government partners, “as well as with allies and like-minded nations, monitoring the global landscape to maintain awareness of upcoming threats that may result in requests to support Canadians and Canadian interests.”

In 2006, Canada evacuated thousands of its citizens from Lebanon after war broke out between Israel and Hezbollah. Israel launched air attacks and ground incursions into Lebanese territory after Hezbollah had conducted a raid into Israel killing several Israeli soldiers and capturing two.

Canadians were evacuated by sea to holding centres in Cyprus and Turkey, and from there by air to Canada. There were 34 departures by ship from the port of Beirut and another from the port of Tyre. Evacuees were flown to Canada on 61 chartered flights, with an additional four flights on aircraft belonging to the defence department.

The costly evacuation prompted criticism at the time, with some claiming that many of the evacuees had citizenship but tenuous ties to Canada, which led to some being referred to as “Canadians of convenience.”

In 2013, contingency plans to evacuate tens of thousands of Canadian citizens living in Lebanon were drawn up by the federal government, as fears grew of a looming war between Hezbollah and Israel. At the time, Ottawa issued increasingly strong warnings against travel to Lebanon, and urged those already there to leave while commercial travel was available.

Israeli media reported Tuesday that Ms. Joly held a conversation with its Foreign Minister, Israel Katz, and that preparations for a possible future evacuation of Canadians from Lebanon were discussed. Ms. Joly’s office was unavailable for comment.

With a report from Associated Press

Report an editorial error

Report a technical issue

Editorial code of conduct

Follow related authors and topics

• Marie Woolf Follow You must be logged in to follow. Log In Create free account
• Israel Follow You must be logged in to follow. Log In Create free account
• Israeli-Palestinian conflict Follow You must be logged in to follow. Log In Create free account
• Lebanon Follow You must be logged in to follow. Log In Create free account
• Politics Follow You must be logged in to follow. Log In Create free account

Authors and topics you follow will be added to your personal news feed in Following .

Interact with The Globe

• Newsletters
• Best Industries
• Business Plans
• Home-Based Business
• The UPS Store
• Customer Service
• Black in Business
• Your Next Move
• Female Founders
• Best Workplaces
• Company Culture
• Public Speaking
• HR/Benefits
• Productivity
• All the Hats
• Digital Transformation
• Artificial Intelligence
• Bringing Innovation to Market
• Cloud Computing
• Social Media
• Data Detectives
• Exit Interview
• Bootstrapping
• Crowdfunding
• Venture Capital
• Business Models
• Personal Finance
• Founder-Friendly Investors
• Upcoming Events
• Inc. 5000 Vision Conference
• Become a Sponsor
• Cox Business
• Verizon Business
• Branded Content
• Apply Inc. 5000 US

Inc. Premium

3 Ways to Help Disaster-Proof Your Business

Discover measures to safeguard your business against unseen threats, ensuring continuity in cash flow..

In the wake of the recent cyber attack on Change Healthcare , many healthcare providers could not process and collect revenue. This incident serves as a wake-up call for businesses in all sectors, emphasizing the need for robust contingency planning and financial resilience . Here's how your business can prevent a similar fate.

1. Implement a backup plan for invoicing and collections.

The first line of defense against operational disruption is a solid backup plan. As a green CFO, I had a point-of-sales system fail during the busiest week of historical sales. The backup system at the time was carbon copies of credit cards, which is not great but better than nothing. I quickly looked for alternatives and implemented an alternative credit card collection process after that failure. 

For industries like healthcare, where regulations and data sensitivity are paramount, engaging with service providers is crucial to understanding the backup systems for invoicing and revenue collection. For industries with more control of their revenue cycle, using an accounting system payment, such as QuickBooks, as an alternative is a reliable and secure alternative process that can keep the cash flow steady even during system outages.

2. Secure a line of credit to cushion financial shocks.

Access to a line of credit can be a lifesaver in times of financial strain caused by unexpected events like cyber attacks. I advise clients to secure a line of credit sufficient to cover two to three months of fixed operating costs, which include payroll, rent and fixed costs of sales. Obtaining this financial buffer during favorable economic conditions is typically more feasible and can provide essential support during challenging times, helping to maintain operations until normalcy is restored.

3. Build a strong cash reserve.

A proactive approach to financial management involves building a cash reserve. I recommend that clients start saving the equivalent of one month's fixed operating costs and gradually increase it to two or three months' worth. The cash reserve offers a significant buffer against sudden income disruptions. This reserve acts as an additional layer of security, ensuring that your business can withstand unforeseen financial pressures without immediate recourse to external funding.

The cash reserve also allows you to capitalize on opportunities, such as hiring a new employee before revenue exists or acquiring an ancillary business. I used my cash reserve in my consulting business to acquire a software company, FinDaily . Building a cash reserve for opportunities is one reason why Warren Buffet has a record cash pile in Berkshire Hathaway , which he affectionately refers to as his elephant gun. 

The cyber attack on Change Healthcare is a stark reminder of the ever-present cyber risks facing businesses today. By taking proactive steps such as establishing a backup invoicing system, securing a line of credit, and building a cash reserve, businesses can enhance their resilience against future cyber threats and ensure uninterrupted operations, regardless of the challenges that may arise.

The Daily Digest for Entrepreneurs and Business Leaders

Privacy Policy

Cookies on GOV.UK

We use some essential cookies to make this website work.

We’d like to set additional cookies to understand how you use GOV.UK, remember your settings and improve government services.

We also use cookies set by other sites to help us deliver content from their services.

You have accepted additional cookies. You can change your cookie settings at any time.

You have rejected additional cookies. You can change your cookie settings at any time.

Bring photo ID to vote Check what photo ID you'll need to vote in person in the General Election on 4 July.

• Education, training and skills
• Running and managing a school

Meeting digital and technology standards in schools and colleges

Digital leadership and governance standards.

Find out what standards your school or college should meet on digital leadership and governance.

Good digital technology governance:

• identifies roles and responsibilities
• establishes critical processes to manage digital technology
• ensures that up-to-date information on the school or college’s digital technology is available to support decision making

We refer to hardware, software and digital services as digital technology throughout the following standards.

The job titles in these standards may not fit in your educational setting, but the responsibilities described should be applied to the most relevant person.

You should complete the first 3 standards before moving to the last standard on creating your digital technology strategy. This is so you can successfully build your strategy in line with your school or college’s development plan.

Visit our standards page for more details on how to use the standards to help your school or college meet their digital technology needs.

Assign a senior leadership team (SLT) member to be responsible for digital technology 

Why this standard is important  .

Schools and colleges need a member of their SLT to: 

• have strategic oversight of all digital technology and how it fits with their development plan 
• create and manage the digital technology strategy led by the needs of staff and students, not the technology itself 
• help all staff to embed digital technology that meets staff and student needs 

Having clearly defined roles and responsibilities will help schools and colleges focus the digital technology strategy around their development plan. Without this focus, there’s a risk that: 

• the use of technology will only meet short-term needs that could potentially lead to additional unplanned costs 
• schools and colleges will be exposed to safeguarding and security issues 
• new digital technology will not be compatible with existing technology used by the school or college 

Who needs to be involved 

The headteacher or principal will have responsibility for making sure this standard is met by assigning a SLT digital lead.  

The SLT digital lead is usually someone with teaching experience. They will act as a link between: 

• technical staff 
• curriculum leads 
• the data protection officer
• the designated safeguarding lead
• school, college and trust business professionals or the finance team 
• the trust IT director or equivalent (if applicable) to align with the digital technology strategy 

How to meet this standard 

To meet this standard, the headteacher or principal should appoint someone who is responsible for digital technology. They do not need to be an expert, but some technical knowledge or interest could be advantageous for this role. 

They will be accountable for: 

• the delivery of the digital technology strategy based on teaching and learning outcomes and organisational needs 
• encouraging and supporting the use of digital technology across the school or college 
• reviewing the effectiveness of IT support to inform decision making and taking action, when necessary 
• identifying and acting on digital technology training needs for staff and students 

Governors or trustees should also consider assigning a digital link role within the governing body or board of trustees.  

When to meet this standard 

You will need to assign the role of the SLT digital lead within your school or college before you can create your digital technology strategy.

• Keep registers relating to hardware and systems up to date 

Why this standard is important 

A contracts register, asset register and information asset register will help your school or college to: 

• understand what digital data, equipment and systems you have
• manage digital data, equipment and systems effectively 
• keep track of buying and licensing so that schools or colleges can get better value for money when renewing software and hardware 

Not having these registers in place for digital technology could lead to: 

• budget pressures due to accidental renewal of subscriptions, software and hardware that might not be needed, or are not the best value for money 
• safeguarding and cyber security issues as software might not be up to date 
• lost learning and workload burdens if software or hardware is not budgeted for or supported 

To meet this standard, the senior leadership team ( SLT ) digital lead will need to work with the following people: 

• school, college or trust business professionals or the finance team

To meet this standard, schools and colleges should include digital technology within their: 

• contracts register 
• asset register 
• information asset register 

By including digital technology in these documents, schools and colleges will know what contracts, digital technology and data they have, and when they need to be reviewed. 

Contracts register 

The contracts register includes, but is not limited to: 

• subscriptions 
• contracts related to your broadband, IT support and technology provider 
• a list of your school or college’s approved apps 

It can also capture the value of the contracts which helps to monitor spend and make savings where possible. 

Commercial and procurement information should be updated by the business or finance team, and IT support should update technical information. This contract register must be kept up to date. 

Asset register 

An asset register is a log of all the physical digital technology and tools that are within the school or college and should detail: 

• what equipment you have 
• asset numbers 
• serial numbers 
• who it is assigned to 
• where it is within the school or college 
• when it was purchased
• how old it is – this may be different to how long you have owned it, as it may be second-hand equipment 
• when it is due for review so that you can consider a replacement or upgrade 
• date it was securely disposed of 

The SLT digital lead owns this register and is responsible for making sure processes are in place for IT support to keep the register up to date.  

Information asset register ( IAR ) 

An IAR is a log of the digital data that is held on staff and students and is owned by the data protection officer. The SLT digital lead is responsible for making sure there is a process in place for: 

• IT support to update the data protection officer on any digital technology data that needs to be included in the register 
• the data protection officer to use the existing IAR to identify and report any potential changes that may need to be made to your digital technology strategy to the SLT digital lead – for example, if your IAR identified the need for security improvements with your servers 
• reviewing the digital technology aspects of the IAR  

You should already be updating your registers every time something changes.  

However, the SLT digital lead should review these registers ahead of your next financial planning cycle, and before you move on to the next standard to create your digital technology strategy.  

 Related standards 

The following standards should also be considered when documenting and monitoring your data, equipment, and systems. 

Servers and storage standards 

• Servers and related storage platforms must be secure and follow data protection legislation  
• All server and related storage platforms should be kept and used in an appropriate physical environment  

Cyber security standards 

• Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date  

Laptops, desktops and tablets standards 

• Devices should meet educational needs and support the digital technology strategy   
• Make sure devices are energy efficient, and they are bought and disposed of sustainably

Include digital technology within disaster recovery and business continuity plans 

You should have a process in place to review and update the disaster recovery and business continuity plans, including those related to digital technology.  

Not doing so will risk: 

• significant disruption to a school or college in the event of a disaster, such as a cyber attack 
• unplanned spend from a disaster that was not expected 
• potential loss of data or a data breach 

This process will help your school or college to continue to operate and provide teaching and learning even during emergencies. This will help prevent lost learning and will also mean that: 

• staff, students and parents or carers will know what to do and what to expect in an emergency 
• there will be a clear definition of what a ‘disaster’ looks like for your school or college 
• you can test your disaster recovery plan to identify gaps within it 

The senior leadership team ( SLT ) digital lead will be responsible for this standard, but will need input from:  

• the operational team (such as finance, IT support and estate management), teaching and other admin staff to understand risks and any actions that can be taken to avoid them 
• the designated safeguarding lead, who can advise on safeguarding needs and concerns in the event of a disaster 
• the data protection officer to provide advice for mitigating data risks and emergency responses 
• governors or trust leadership who will review, support and challenge these plans and provide sign-off, if required 
• any outsourced services or suppliers (for example, management information systems, broadband or cloud services) to understand their protocols and include them in plans 

Digital technology should work with your existing business continuity and disaster recovery plans. To do this you should either include digital technology in your existing plans or have a separate plan for digital technology. Both plans need to be reviewed and updated annually or when a significant change occurs.  

Once your plans have been completed, you should create a summary document with top-level details (such as key contacts for when a disaster occurs) to be shared securely with all staff. 

The business continuity and disaster recovery plans, including the summary documents, should be: 

• printed out to retain hard copies in case of an emergency, such as a cyber incident 
• kept online in a secure, shared folder location in the cloud, with remote access granted to those in your disaster recovery team 

Disaster recovery plan 

Your disaster recovery plan is a living document to use when a disaster takes place. It should be tested annually (at a minimum) to identify any gaps in knowledge or work needed within your digital technology estate.  

It is a set of rules to follow depending on the disaster and should include details such as: 

• a definition of what a disaster for digital technology means to your school or college, defined by how long you can function when the disaster takes place 
• who they are
• what they are responsible for
• their contact details 
• how you will test your disaster recovery plan – for example, simulating data loss or hardware failure 

Business continuity plan 

Your business continuity plan should look at: 

• assessing risks of digital technology 
• steps that can be taken to reduce risk 
• actions that need to be taken if risk occurs and there is a need for recovery 

Insurance companies may ask all schools and colleges for these documents as part of risk management. So, you should already be meeting this standard or be working towards meeting it. 

Related standards 

The following links will also help you to meet this standard. 

Broadband internet standards 

• Schools and colleges should have a backup broadband connection to ensure resilience and maintain continuity of service  
• Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack  

Cloud solution standards 

• Make sure that appropriate data backup provision is in place  
• Cloud solutions must follow data protection legislation  
• Cloud solutions should use ID and access management tools  

Filtering and monitoring standards 

Your filtering system should block harmful and inappropriate content, without unreasonably impacting teaching and learning  

You should have effective monitoring strategies that meet the safeguarding needs of your school or college  

• Servers and related storage platforms must be secure and follow data protection legislation

Have a digital technology strategy that is reviewed every year

Before you review this standard, please make sure you complete the first 3 standards in this topic called: 

• Assign a senior leadership team ( SLT ) member to be responsible for digital technology 
• Include digital technology within disaster recovery and business continuity plans

Creating a digital technology strategy that is aligned with your development plan will help to make sure: 

• the digital technology used meets the needs of staff and students 
• your budget, buying decisions and any risks are managed 
• staff and students receive the training they need to use digital technology safely and effectively 
• you can assess the impact of digital technology against your strategy 

Not having a strategy in place could lead to: 

• disrupted learning if the digital technology does not support curriculum delivery 
• potential compromises to safeguarding  
• an increased risk of a cyber attack 
• budget pressures if digital technology systems fail and need to be replaced 
• buying digital technology that is not suitable for the school or college’s educational vision 
• a lack of resources (such as the right roles, budget and funding) to support the use and replacement of digital technology  

The SLT digital lead is accountable for this standard and will coordinate and manage the digital technology strategy with input from: 

• subject leaders, teaching and learning leads, heads of year, and exam officers to understand their teaching and learning needs for both staff and students  
• IT support, who will assess the existing hardware and software for whether they are fit for purpose and help identify any potential risks and gaps in resources 
• the operational team (for example the school, college or trust business professional, finance team or IT support) to help support and inform budget planning 
• designated safeguarding lead and data protection officer to give advice and identify risks and issues related to their roles  
• the person responsible for special education needs and disabilities to identify accessibility, diversity and inclusion needs 

Your governing body, school board or board of trustees will support and challenge any plans and decisions made on the digital technology strategy.  

To create a strategy, you could: 

• get input from your own school or college community 
• speak to other schools and colleges who have been through a similar process 

The SLT digital lead will need to understand the school or college’s development plan to make sure the digital technology strategy supports this. They will also need to know your current digital technology estate. This should include gathering information on: 

• contracts and assets, including physical and data assets 
• current and committed digital technology spend 
• risks, including disaster recovery plan (contingency planning) and business continuity plan 
• what technology students have access to outside of their school or college 
• training and development needs for staff and students to be able to meet the vision of the digital technology strategy 

Developing a vision 

The SLT digital lead should develop a longer-term vision for digital technology to support all educational and organisational needs. The vision: 

• should support the school or college’s development plan and educational vision 
• should be sustainable and minimise the impact on the environment 
• could be informed by stakeholders and by visiting other schools and colleges with similar needs to yours 

Creating and managing the strategy 

Once the vision has been finalised, the SLT digital lead should create a minimum 2-year strategy. This will take into consideration the changes in digital technology and the longer-term plans for what might need to be refreshed or replaced.  

The SLT digital lead will also need to: 

• revisit and review the strategy annually (at a minimum) and amend it in line with any changes 
• share a top-level summary of the strategy to key stakeholders 

To meet this standard, you will need to have met the previous 3 standards above. Once you have completed those, this standard can then be completed before your next budget cycle. 

The following standards should also be considered when creating your digital technology strategy:  

• cyber security  
• filtering and monitoring  
• laptop, desktop and tablet
• servers and storage  

Is this page useful?

• Yes this page is useful
• No this page is not useful

Help us improve GOV.UK

Don’t include personal or financial information like your National Insurance number or credit card details.

To help us improve GOV.UK, we’d like to know more about your visit today. Please fill in this survey (opens in a new tab) .