The contingency plan should also include hardware procedures to make sure that the applications critical to the organization’s operation can be duplicated, an electric generator and adequate fuel is available in case of an extended power outage, a backup of patient data and software application configurations critical to the organization’s operations, policies and procedures exist to ensure accurate patient identification when preparing for, during, and after downtimes (Ash, 2014). The use of paper forms may be necessary to replace key functions during downtimes. The contingency plan should also include a communication strategy that does not rely on the computing infrastructure, written policies and procedures on downtimes and recovery processes ensure continuity of operations, and the user interface of the locally maintained backup, read-only system is clearly differentiated from the live/production system (Ash, 2014). A comprehensive testing and monitoring strategy should be in place to prevent and manage downtime events. It’s also important that the staff are trained and tested on downtime and recovery …show more content…
A BIA is used to outline information about the overall system and threats. It addresses critical applications, tolerance levels, considers various disaster scenarios, and considers intangible effects, cash flow effects, extra expenses, and future effects (Whitman, 2008). Incident response planning basically outlines the identification of, classification of, and response to an incident. “The IRP is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. Incident response (IR) is a set of procedures that commence when an incident is detected (Whitman, 2008)”. It’s important to remember that IR is a reactive measure. Disaster recovery planning (DRP) prepares an organization for recovery from a disaster, whether natural or man-made. The goal of a DRP is defining how to reestablish operations at the primary location. A disaster recovery plan consists of a tested set of procedures for reacting to and recovering from a disaster. It addresses maintenance, testing, and training before a disaster occurs and what to do when one occurs in the future. A DRP should include remote storage and back up of data in a place that can be accessed from anywhere with an Internet connection, alternate